Security Advisory

CVE-2023-25802

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-13 19:35:11

Last updated 2025-02-25 14:58:23

Assigner GitHub_M

State PUBLISHED

Description

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 dont correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue.

← Browse all CVEs View on cve.org ↗