Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null).
Threat-Mapped Scoring
Score: 1.8
Priority: P4 - Informational (Low)
S9 – Sabotage of System/App
EPSS
Score: 0.00457Percentile:
0.63001
CVSS Scoring
CVSS v2 Score: 5.0
Severity:
Affected Products
cpe:2.3:a:yaws:webserver:1.50:*:*:*:*:*:*:*
cpe:2.3:a:yaws:webserver:1.51:*:*:*:*:*:*:*
cpe:2.3:a:yaws:webserver:1.52:*:*:*:*:*:*:*
cpe:2.3:a:yaws:webserver:1.53:*:*:*:*:*:*:*
cpe:2.3:a:yaws:webserver:1.54:*:*:*:*:*:*:*
cpe:2.3:a:yaws:webserver:1.55:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me