CVE-2017-16198

HIGH

ritp - Path Traversal via URL Parameter


Description

ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible.

References (2)

Core References
Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/432

Scores

CVSS v3 7.5
EPSS 0.0200
EPSS Percentile 78.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (5)
npm/ritp 0npm
ritp_project/ritp 1.0.2
ritp_project/ritp 1.0.3
ritp_project/ritp 1.0.4
ritp_project/ritp 1.0.5
Published Jun 07, 2018
Tracked Since Feb 18, 2026