CVE-2010-10012

httpdasm 0.92 - Path Traversal

Title source: llm

Description

A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal patterns, an attacker can escape the web root and access sensitive files outside of the intended directory.

Exploits (2)

exploitdb WORKING POC VERIFIED

by John Leitch · textremotewindows

https://www.exploit-db.com/exploits/15861

View Code ZIP pw:eip

metasploit WORKING POC

by John Leitch, Shelby Pace · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/httpdasm_directory_traversal.rb

View Code ZIP pw:eip

References (4)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/httpdasm_directory_traversal.rb

[Various Sources] https://www.japheth.de/httpdASM.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/15861

[Third Party Advisory] https://www.vulncheck.com/advisories/httpasm-path-traversal

Scores

EPSS 0.5804

EPSS Percentile 98.1%

Classification

CWE

CWE-22

Status draft

Timeline

Published Jul 23, 2025

Tracked Since Feb 18, 2026