CVE-2018-16133
published 2018-08-29

CVE-2018-16133: Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.

Priority: P3 (52) · Severity: medium · CVSS 3.0 base score: 5.3
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
Exploit: public PoC available
EPSS: 39.28% (98.4th percentile)

Affected (1 range)

Vendor      Product           Version range   Fixed in
cybrotech   cybrohttpserver   (not given)     (not given)

Detection & IOCs (extracted from sources)

path: \..\..\..\..\Windows\win.ini
url:  https://\..\..\..\..\Windows\win.ini
  • Detect directory traversal attempts against CyBroHttpServer by matching HTTP GET requests whose request-target contains backslash-dot-dot sequences (\..\).
  • Confirm successful exploitation by checking the HTTP response body for the Windows win.ini landmark strings 'bit app support', 'fonts' and 'extensions'; all three must be present together.
  • The vulnerability is exploitable without authentication (PR:N, UI:N) over the network; monitor CyBroHttpServer (default port 8080) for traversal-pattern request-targets.
  • The PoC was tested on Windows only; the traversal payload uses Windows-style backslashes and targets win.ini, so detection rules that only match forward-slash traversal (../) will miss this attack. Match both slash styles, and match them again after percent-decoding (%5c, %2e), since the server may decode the target before resolving the path.
  • The Nuclei template requires 'unsafe: true' mode because the raw backslash-based request-target is not standards-compliant HTTP; standard HTTP proxies or WAFs may normalize or block the request before it reaches the server, so a blocked request at the proxy does not mean the server itself is patched.
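The detection logic described in the bullets above, as an added example that is not part of this page or of any vendor or Nuclei code: a log-side check for the traversal pattern (raw, percent-encoded and double-encoded, in either slash style) plus the response-body landmark check the template uses. The access-log lines and response bodies are constructed for the example, not captured traffic.

```python
"""Added example: log-side detection for the CVE-2018-16133 traversal pattern."""
import re
from urllib.parse import unquote

# Dot-dot adjacent to either slash style: catches the PoC's backslash form
# as well as the forward-slash form that generic rules look for.
_TRAVERSAL = re.compile(r"\.\.[\\/]|[\\/]\.\.")

# Landmark strings the Nuclei template's matcher requires, all together.
WININI_MARKERS = ("bit app support", "fonts", "extensions")

# Common Log Format request field: "METHOD target HTTP/x.y"
_CLF_REQUEST = re.compile(r'"([A-Z]+) (\S+) (HTTP/\d\.\d)"')


def is_traversal_target(target: str) -> bool:
    """True if the request-target contains a traversal sequence in raw,
    percent-decoded, or double-percent-decoded form."""
    forms = [target]
    for _ in range(2):          # two passes cover %5c.. and %255c.. variants
        forms.append(unquote(forms[-1]))
    return any(_TRAVERSAL.search(f) for f in forms)


def scan_access_log(lines):
    """Return [(line_no, target)] for GET requests whose target looks like
    traversal. Lines without a parseable request field are skipped."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _CLF_REQUEST.search(line)
        if m is None:
            continue
        method, target, _version = m.groups()
        if method == "GET" and is_traversal_target(target):
            hits.append((n, target))
    return hits


def looks_like_win_ini(body: str) -> bool:
    """Confirmation check on a response body: the same three landmarks,
    with the same 'all present' condition, that the template uses."""
    return all(marker in body for marker in WININI_MARKERS)


# Constructed sample log (not real traffic): a benign request, the PoC
# request-target, a percent-encoded and a double-encoded variant, a
# forward-slash traversal, and a benign filename that contains dots.
SAMPLE_LOG = [
    r'10.0.0.5 - - [29/Aug/2018:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    r'10.0.0.9 - - [29/Aug/2018:10:00:02 +0000] "GET \..\..\..\..\Windows\win.ini HTTP/1.1" 200 512',
    r'10.0.0.9 - - [29/Aug/2018:10:00:03 +0000] "GET /%5c..%5c..%5c..%5cWindows%5cwin.ini HTTP/1.1" 200 512',
    r'10.0.0.9 - - [29/Aug/2018:10:00:04 +0000] "GET /static/../../../etc/passwd HTTP/1.1" 404 210',
    r'10.0.0.5 - - [29/Aug/2018:10:00:05 +0000] "GET /files/report..pdf HTTP/1.1" 200 8192',
    r'10.0.0.9 - - [29/Aug/2018:10:00:06 +0000] "GET /%255c..%255c..%255cWindows%255cwin.ini HTTP/1.1" 200 512',
]

# Constructed response bodies: the first mimics a default win.ini, the
# second a generic error page.
SAMPLE_WIN_INI = ("; for 16-bit app support\r\n[fonts]\r\n[extensions]\r\n"
                  "[mci extensions]\r\n[files]\r\n[Mail]\r\nMAPI=1\r\n")
SAMPLE_ERROR_PAGE = "<html><body><h1>404 Not Found</h1></body></html>"

if __name__ == "__main__":
    for line_no, target in scan_access_log(SAMPLE_LOG):
        print(f"line {line_no}: traversal target {target!r}")
    print("win.ini landmarks in body:", looks_like_win_ini(SAMPLE_WIN_INI))
```

The request-target check deliberately runs before and after decoding rather than on a canonicalized path, because the point of this CVE is that the target is not a normal path: a rule that first normalizes `\` to `/` and collapses `..` would report a clean URI and miss the attempt. The body check is kept case-sensitive to mirror the template's matcher; loosen it if you expect localized win.ini files.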

CVSS provenance

NVD v3.0: 5.3 MEDIUM   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
NVD v2.0: 5.0 MEDIUM   AV:N/AC:L/Au:N/C:P/I:N/A:N