Winstone Servlet Container
Monthly
Arbitrary file read in Winstone Servlet Engine (versions through 0.9.10) lets unauthenticated remote attackers retrieve any file readable by the servlet process by embedding dot-dot-slash sequences in HTTP GET request paths to the static-file handler. The flaw stems from missing path sanitization when resolving requests against the configured webroot, and publicly available exploit code exists (reported by VulnCheck), though it is not listed in CISA KEV. Impact is confidentiality-only but high, escalating to disclosure of OS-level secrets when the engine runs with elevated privileges.
Arbitrary file read in Winstone Servlet Engine (versions through 0.9.10) lets unauthenticated remote attackers retrieve any file readable by the servlet process by embedding dot-dot-slash sequences in HTTP GET request paths to the static-file handler. The flaw stems from missing path sanitization when resolving requests against the configured webroot, and publicly available exploit code exists (reported by VulnCheck), though it is not listed in CISA KEV. Impact is confidentiality-only but high, escalating to disclosure of OS-level secrets when the engine runs with elevated privileges.