FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

h2o -- directory traversal vulnerability

Affected packages
		h2o	<	1.6.2

Details

VuXML ID	6c808811-bb9a-11e5-a65c-485d605f4717
Discovery	2016-01-13
Entry	2016-01-15

Yakuzo OKU reports:

When redirect directive is used, this flaw allows a remote attacker to inject response headers into an HTTP redirect response.

[source]

References

CVE Name	CVE-2016-1133
URL	https://h2o.examp1e.net/vulnerabilities.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.