cbcvebase.
CVE-2015-5688
published 2015-09-04

CVE-2015-5688: Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot…

PriorityP341medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
9.38%
94.8th percentile
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.

Affected

2 ranges
VendorProductVersion rangeFixed in
geddyjsgeddy
geddyjsgeddy>= 0 < 13.0.813.0.8

Detection & IOCsextracted from sources · hover to see the quote

url/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
pathlib/app/index.js
  • Look for GET requests containing '..%2f' sequences (URL-encoded directory traversal) in the request path targeting the default URI of a Geddy Node.js application.
  • Match HTTP 200 responses whose body contains the regex 'root:.*:0:0:' to confirm successful /etc/passwd retrieval via traversal.
  • Flag Geddy versions prior to 13.0.8 (e.g., 13.0.7) running on Node.js as vulnerable to this directory traversal / LFI.
  • ·The traversal depth used in the proof-of-concept is 16 levels of '..%2f'; shallower traversal sequences may also succeed depending on the server's working directory depth.
  • ·The vulnerability is confined to the default URI handler in lib/app/index.js; custom route configurations may alter exploitability.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.