CVE-2016-1231 — Path Traversal in Prosody

CWE-22 — Path Traversal5 documents5 sources

Severity

5.9MEDIUMNVD

EPSS

0.7%

top 26.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Prosody Debian Prosody Debian Linux +1 more

Timeline

PublishedJan 12

Latest updateMay 17

Description

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/prosody< prosody 0.9.9-1 (bookworm)

▶Debianprosody/prosody< 0.9.9-1+3

▶NVDprosody/prosody9 versions+8

Also affects: Debian Linux 7.0, 8.0, Fedora 22, 23

Patches

Patch: blog.prosody.im ↗Patch: blog.prosody.im ↗

🔴Vulnerability Details

GHSA

GHSA-8q2g-4r27-6vpc: Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0↗2022-05-17

▶

OSV

CVE-2016-1231: Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0↗2016-01-12

▶

📋Vendor Advisories

Debian

CVE-2016-1231: prosody - Directory traversal vulnerability in the HTTP file-serving module (mod_http_file...↗2016

▶

💬Community

Bugzilla

CVE-2016-1231 prosody: path traversal vulnerability in mod_http_files↗2016-01-08

▶