CVE-2017-16029 Information
Feb 14, 2021
cve
Description
hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending ../ in the url path for GET requests.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://github.com/henrytseng/hostr/issues/8
https://nodesecurity.io/advisories/303
hostr
is
a
simple
web
server
that
serves
up
the
contents
of
the
current
directory.
There
is
a
directory
traversal
vulnerability
in
hostr
2.3.5
and
earlier
that
allows
an
attacker
to
read
files
outside
the
current
directory
by
sending
../
in
the
url
path
for
GET
requests.
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
7.5
Share on: