FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

h2o -- directory traversal vulnerability

Affected packages
h2o < 1.6.2

Details

VuXML ID 6c808811-bb9a-11e5-a65c-485d605f4717
Discovery 2016-01-13
Entry 2016-01-15

Yakuzo OKU reports:

When redirect directive is used, this flaw allows a remote attacker to inject response headers into an HTTP redirect response.

References

CVE Name CVE-2016-1133
URL https://h2o.examp1e.net/vulnerabilities.html