CVE-2015-5638

H2O <1.4.5, <1.5.0-beta2 - Path Traversal

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000136
Vendor Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN65602714/index.html

Scores

EPSS 0.0165
EPSS Percentile 73.7%

Details

CWE
CWE-22
Status published
Products (2)
dena/h20 < 1.4.4
dena/h20 < 1.5.0
Published Sep 20, 2015
Tracked Since Feb 18, 2026