CVE-2010-10012

HIGH

httpdasm 0.92 - Unauthenticated Path Traversal via URL-Encoded Backslashes

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-10012. PoCs published by John Leitch and Shelby Pace, including Metasploit module auxiliary/scanner/http/httpdasm_directory_traversal.

AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in httpdASM 0.92 by sending a crafted HTTP GET request with URL-encoded traversal sequences to read files outside the webroot, such as 'boot.ini'.

Description

A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal patterns, an attacker can escape the web root and access sensitive files outside of the intended directory.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by John Leitch · text · remote · windows
https://www.exploit-db.com/exploits/15861

This exploit demonstrates a directory traversal vulnerability in httpdASM 0.92 by sending a crafted HTTP GET request with URL-encoded traversal sequences to read files outside the webroot, such as 'boot.ini'.

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: httpdASM 0.92
Authentication: No auth needed
Prerequisites: Network access to the target web server
devstral-2 · analyzed Feb 16, 2026
metasploit · WORKING POC
by John Leitch, Shelby Pace · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/httpdasm_directory_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in httpdasm v0.92 by sending a crafted GET request with encoded traversal sequences to access arbitrary files on the server. The module retrieves the file content and stores it as loot if the request is successful.

Classification: Working PoC (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: httpdasm v0.92
Authentication: No auth needed
Prerequisites: Network access to the target server · httpdasm v0.92 running on the target
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 8.7
EPSS: 0.7202
EPSS Percentile: 98.8%
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-22
Status: published
Products (1): Japheth/httpdasm 0.92
Published: Jul 23, 2025
Tracked Since: Feb 18, 2026