CVE-2010-4181

Yaws 1.89 - Path Traversal via Dot Dot Backslash Sequences

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4181. PoCs published by nitr0us.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Yaws 1.89 by using various encoded and obfuscated traversal sequences to access sensitive files like boot.ini and hosts. The PoC leverages the DotDotPwn tool to fuzz and identify vulnerable paths.

Description

Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.

Exploits (1)

exploitdb WORKING POC
by nitr0us · textremotewindows
https://www.exploit-db.com/exploits/15371

This exploit demonstrates a directory traversal vulnerability in Yaws 1.89 by using various encoded and obfuscated traversal sequences to access sensitive files like boot.ini and hosts. The PoC leverages the DotDotPwn tool to fuzz and identify vulnerable paths.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Yaws 1.89
No auth needed
Prerequisites: Network access to the target web server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62917
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42066
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15371
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/68962
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2858
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44564

Scores

EPSS 0.0845
EPSS Percentile 94.3%

Details

CWE
CWE-22
Status published
Products (1)
yaws/yaws 1.89
Published Nov 04, 2010
Tracked Since Feb 18, 2026