CVE-2009-3902

N/A Unknown

Published: November 06, 2009 Modified: April 23, 2026

Description

Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://freetexthost.com/ncyss3plli

Source: cve@mitre.org

Exploit URL Repurposed

http://osvdb.org/59588

Source: cve@mitre.org

Exploit

http://pocoftheday.blogspot.com/2009/10/cherokee-web-server-054-directory.html

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/37183

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/36874

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2009/3091

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/54024

Source: cve@mitre.org

http://freetexthost.com/ncyss3plli