debian · CVE-2015-5638

Quick triage

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-5638 unimportant priority: Debian including 1 source packages (h2o), 2 status rows across 2 suites (bookworm, bullseye): resolved 2.

Description:

Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.