Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

httpdasm Path Traversal Vulnerability

Vulnerability

A path traversal vulnerability has been identified in httpdasm version 0.92, a lightweight HTTP server for Windows. This vulnerability allows unauthenticated attackers to read arbitrary files on the host system by sending specially crafted GET requests that include URL-encoded backslashes and directory traversal patterns. Exploitation of this vulnerability can lead to access to sensitive files outside the web root directory.

Impact

Exploitation of this vulnerability allows for unauthorized access to files outside the web root directory, potentially leading to the disclosure of sensitive information.

Reproduction

To reproduce this vulnerability, send a GET request to the httpdasm server with a payload that includes URL-encoded directory traversal sequences, such as multiple instances of '%2E%2E%5C', followed by the name of a file located outside the web root, such as 'boot.ini'.
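A detection check for the request pattern described above, added here as an example and not part of the original advisory or of httpdasm: it percent-decodes each request target, resolves it under Windows path rules, and flags requests that land outside the web root. The web root path, the access-log format, the sample log lines and all function names are assumptions made for illustration.

```python
import ntpath
import re
from urllib.parse import unquote

# Assumed web root, for illustration only; not taken from the advisory.
WEB_ROOT = r"C:\httpdasm\htdocs"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (common log format assumed).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jul/2025:15:52:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [23/Jul/2025:15:52:07 +0000] "GET /%2E%2E%5C%2E%2E%5C%2E%2E%5Cboot.ini HTTP/1.1" 200 211',
    '192.0.2.10 - - [23/Jul/2025:15:52:09 +0000] "GET /img/..%5Clogo.png HTTP/1.1" 200 900',
]

def decode_target(target: str, max_rounds: int = 3) -> str:
    """Drop the query string and percent-decode until stable (covers %252E-style nesting)."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def escapes_root(target: str, root: str = WEB_ROOT) -> bool:
    """True if the decoded target resolves outside root under Windows path rules."""
    # Treat '/' and '\' alike, as Windows does, and make the path relative to root.
    path = decode_target(target).replace("/", "\\").lstrip("\\")
    resolved = ntpath.normcase(ntpath.normpath(ntpath.join(root, path)))
    root_norm = ntpath.normcase(ntpath.normpath(root))
    return not (resolved == root_norm or resolved.startswith(root_norm + "\\"))

def flag_requests(log_lines):
    """Return the request targets in log_lines that resolve outside the web root."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and escapes_root(match.group(1)):
            hits.append(match.group(1))
    return hits

if __name__ == "__main__":
    for target in flag_requests(SAMPLE_LOG):
        print("traversal outside web root:", target)
```

Resolving the path instead of matching on `..` keeps the third sample line, which stays inside the web root, from being flagged.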

Added: Jul 23, 2025, 3:52 PM
Updated: Jul 23, 2025, 3:52 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.3
exploitability: 9.1
remediation: 0.0
relevance: 0.3
threat: 9.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.