Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null).
Name | Vendor | Start Version | End Version |
---|---|---|---|
Webserver | Yaws | 1.52 | 1.52 |
Webserver | Yaws | 1.54 | 1.54 |
Webserver | Yaws | 1.53 | 1.53 |
Webserver | Yaws | 1.50 | 1.50 |
Webserver | Yaws | 1.51 | 1.51 |
Webserver | Yaws | 1.55 | 1.55 |