CVE-2010-10012

HIGH

httpdasm 0.92 - Path Traversal

Title source: llm

Description

A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal patterns, an attacker can escape the web root and access sensitive files outside of the intended directory.

Exploits (2)

exploitdb WORKING POC VERIFIED

by John Leitch · textremotewindows

https://www.exploit-db.com/exploits/15861

View Code ZIP pw:eip

metasploit WORKING POC

by John Leitch, Shelby Pace · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/httpdasm_directory_traversal.rb

View Code ZIP pw:eip

References (4)

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/httpdasm_directory_traversal.rb

[Various Sources] https://www.japheth.de/httpdASM.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/15861

[Third Party Advisory] https://www.vulncheck.com/advisories/httpasm-path-traversal

Scores

CVSS v4 8.7

EPSS 0.6182

EPSS Percentile 98.3%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Details

CWE

CWE-22

Status published

Products (1)

Japheth/httpdasm 0.92

Published Jul 23, 2025

Tracked Since Feb 18, 2026