CVE-2020-36939

HIGH

Cassandra Web 0.5.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-36939. PoCs published by Jeremy Brown, Jeremy Brown, krastanoel, including Metasploit module auxiliary/scanner/http/cassandra_web_file_read.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Cassandra Web 0.5.0, allowing remote file read via crafted HTTP requests. It bypasses Rack::Protection to access arbitrary files, including sensitive data like credentials.

Description

Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Cassandra database credentials.

Exploits (2)

exploitdb WORKING POC

by Jeremy Brown · pythonwebappslinux

https://www.exploit-db.com/exploits/49362

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Cassandra Web 0.5.0, allowing remote file read via crafted HTTP requests. It bypasses Rack::Protection to access arbitrary files, including sensitive data like credentials.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Cassandra Web 0.5.0

No auth needed

Prerequisites: Network access to the target server · Cassandra Web 0.5.0 running on the target

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC

by Jeremy Brown, krastanoel · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/cassandra_web_file_read.rb

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Cassandra Web 0.5.0 and earlier, allowing arbitrary file read with web server privileges. The exploit sends a crafted GET request with traversal sequences to read files like /etc/passwd.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Cassandra Web version 0.5.0 and earlier

No auth needed

Prerequisites: Network access to the target server · Cassandra Web service running on port 3000 (default)

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed May 27, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources product

https://github.com/avalanche123/cassandra-web

View Writeup ZIP pw:eip

Various Sources product

https://rubygems.org/gems/cassandra-web/versions/0.5.0

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/cassandra-web-remote-file-read

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/49362

Scores

CVSS v3 7.5

EPSS 0.5888

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

avalanche123/Cassandra Web 0.5.0

Published Jan 27, 2026

Tracked Since Feb 18, 2026