ID:6254 - Exploit for Path traversal in uWSGI - CVE-2018-7490
Published: June 17, 2021
Vulnerability identifier: #VU11219
Vulnerability risk: Low
CVE-ID: CVE-2018-7490
CWE-ID: CWE-22
Exploitation vector: Remote access
Vulnerable software:
uWSGI
uWSGI
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper file path validation when requesting a resource under the DOCUMENT_ROOT directory. A remote attacker can cause path traversal and gain access to potentially sensitive information.
The weakness exists due to improper file path validation when requesting a resource under the DOCUMENT_ROOT directory. A remote attacker can cause path traversal and gain access to potentially sensitive information.
Remediation
Update to version 2.0.17.