A security bug was found in Yaws by SEC-Consult Unternehmensberatung
GmbH while they were doing security assessments on the Nortel SSL-VPN product.
If a null byte is appended to the filename of a yaws script (.yaws), the
yaws webserver returns a page containing the source code of the
corresponding script. This flaw allows a malicious attacker to analyse the
source code of the entire web application, which might result in the
attacker gaining sensitive information like passwords.
A new release (1.56) as well as a patch is available at
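
For log review, an added example that is not part of the original advisory or of Yaws: it flags requests whose decoded path contains a null byte and notes whether the part before it names a .yaws script. It assumes access logs in Common Log Format; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: Common Log Format; adjust the regex for other log layouts.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /index.yaws HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2000:10:00:05 +0000] "GET /login.yaws%00 HTTP/1.1" 200 2211',
    '198.51.100.7 - - [01/Jan/2000:10:00:09 +0000] "GET /admin/db.yaws%2500 HTTP/1.1" 404 190',
    '192.0.2.10 - - [01/Jan/2000:10:00:12 +0000] "GET /img/logo.png?x=%00 HTTP/1.1" 200 880',
    '192.0.2.10 - - [01/Jan/2000:10:00:15 +0000] "GET /img/logo.png%00 HTTP/1.1" 200 880',
]

def prefix_before_nul(target):
    """Return the decoded path bytes before the first NUL, or None if there is none."""
    # Only the path is checked; a NUL in the query string is not this flaw.
    path = target.split("?", 1)[0].encode("utf-8")
    for _ in range(2):  # second pass catches a double-encoded %2500
        path = unquote_to_bytes(path)
        head, sep, _rest = path.partition(b"\x00")
        if sep:
            return head
    return None

def find_disclosure_attempts(lines, script_ext=b".yaws"):
    """Return (client, target, status, names_script) for each request with a NUL in its path."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # line is not in the assumed format
        client, _method, target, status = m.groups()
        head = prefix_before_nul(target)
        if head is not None:
            names_script = head.lower().endswith(script_ext)
            hits.append((client, target, int(status), names_script))
    return hits

if __name__ == "__main__":
    for client, target, status, names_script in find_disclosure_attempts(SAMPLE_LOG):
        kind = "script" if names_script else "other"
        print(f"{client} {status} {kind:6} {target}")
```

The same `prefix_before_nul` check can serve as a front-end filter that rejects any request for which it returns a value.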