
CVE-2018-16478: Path Traversal in simplehttpserver

CVSS Score: 5.3 (CVSS 3.0)

Basic Information

EPSS Score: 0.44211%
Published: 12/6/2018
Updated: 9/12/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Package Name: simplehttpserver
Ecosystem: npm
Vulnerable Versions: <= 0.3.0
First Patched Version: (none listed)

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability description explicitly states improper handling of symlinks and path traversal. In simple HTTP servers, the core vulnerability typically resides in the request handler that maps URLs to filesystem paths. Without proper path normalization (resolving '..' segments) or symlink validation (checking if resolved path remains within webroot), this function would be vulnerable. While exact implementation details aren't provided, this pattern matches the described CWE-22 vulnerability with high confidence.
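
The two checks named above (normalizing '..' segments and confirming the symlink-resolved path stays inside the webroot) can look like the following in Node.js. This is an added example, not code from simplehttpserver or from this advisory; resolveInsideRoot, demo and the temporary directory layout are hypothetical names and constructed sample data.

```javascript
// Added example: not the simplehttpserver source; all names are hypothetical.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Map a request URL path to a real file under webroot.
// Returns null when the request leaves the webroot via '..' or via a symlink.
function resolveInsideRoot(webroot, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath.split('?')[0]);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL byte never belongs in a path
  const root = fs.realpathSync(webroot);
  const inside = (p) => p === root || p.startsWith(root + path.sep);
  // Lexical check: path.resolve collapses '.' and '..' segments.
  const candidate = path.resolve(root, '.' + path.sep + decoded);
  if (!inside(candidate)) return null;
  // Symlink check: realpath follows every link; the target must still be inside.
  let real;
  try {
    real = fs.realpathSync(candidate);
  } catch (e) {
    return null; // file does not exist
  }
  return inside(real) ? real : null;
}

// Constructed sample tree: www/ is the webroot, private/ sits beside it,
// and www/link is a symlink pointing at private/.
function demo() {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'webroot-demo-')));
  const root = path.join(base, 'www');
  const outside = path.join(base, 'private');
  fs.mkdirSync(root);
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(root, 'index.html'), 'ok');
  fs.writeFileSync(path.join(outside, 'secret.txt'), 'secret');
  fs.symlinkSync(outside, path.join(root, 'link'), 'dir');
  const results = {
    normal: resolveInsideRoot(root, '/index.html'),
    dotdot: resolveInsideRoot(root, '/../private/secret.txt'),
    encoded: resolveInsideRoot(root, '/%2e%2e/private/secret.txt'),
    symlink: resolveInsideRoot(root, '/link/secret.txt'),
  };
  fs.rmSync(base, { recursive: true, force: true });
  return { root, results };
}
```

A handler should open the returned real path rather than the original candidate. A window between check and open remains if untrusted users can write inside the webroot.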


WAF Protection Rules

WAF Rule

All versions of `simplehttpserver` are vulnerable to Path Traversal. This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL.

Recommendation

No fix is currently available. Do not
