CVE-2017-16109 Information
Description
easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue giving an attacker access to the filesystem by placing "../" in the URL. Access is constrained, however, to supported file types. Requesting a file such as /etc/passwd returns a "not supported" error.
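The behaviour described above, next to a contained lookup, as an added example that is not easyquick's code. The web root, the extension allowlist, the function names and the sample request paths are all constructed assumptions.

```javascript
const path = require('node:path');

// Assumptions for illustration only: a document root and a list of supported types.
const WEB_ROOT = '/srv/www';
const SUPPORTED = new Set(['.html', '.css', '.js', '.png']);

// Pattern matching the description: the URL path is joined to the root and only
// the extension is checked, so "../" segments can walk out of the root.
function resolveUnsafe(urlPath) {
  const file = path.posix.join(WEB_ROOT, decodeURIComponent(urlPath));
  if (!SUPPORTED.has(path.posix.extname(file))) {
    return { ok: false, error: 'not supported' };
  }
  return { ok: true, file };
}

// Hardened lookup: decode once, resolve against the root, then require the
// result to be the root itself or a path below it before any type check.
function resolveSafe(urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath);
  } catch {
    return { ok: false, error: 'bad encoding' };
  }
  if (decoded.includes('\0') || decoded.includes('\\')) {
    return { ok: false, error: 'bad path' };
  }
  const file = path.posix.resolve(WEB_ROOT, './' + decoded);
  // The trailing "/" stops a sibling such as /srv/www-private from passing.
  if (file !== WEB_ROOT && !file.startsWith(WEB_ROOT + '/')) {
    return { ok: false, error: 'outside web root' };
  }
  if (!SUPPORTED.has(path.posix.extname(file))) {
    return { ok: false, error: 'not supported' };
  }
  return { ok: true, file };
}

// Constructed request paths: the extension check alone stops /etc/passwd
// but still lets a supported type outside the root through.
for (const p of ['/index.html', '/../../etc/passwd', '/../app/config.js']) {
  console.log(p, resolveUnsafe(p), resolveSafe(p));
}
```

The type allowlist narrows what can be read but does not restore the root boundary, which is why the containment check runs first.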
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Reference
https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/easyquick
https://nodesecurity.io/advisories/373
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.3
Base Severity
MEDIUM