Unrated severityNVD Advisory· Published Sep 27, 2006· Updated Jun 16, 2026

CVE-2006-5050

Description

Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI.

Affected products

Busybox/Busybox2 versions
cpe:2.3:a:rob_landley:busybox:1.01:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:rob_landley:busybox:1.01:*:*:*:*:*:*:*
- (no CPE)

Patches

Vulnerability mechanics

References

securitytracker.com/idnvdExploit
securityreason.com/securityalert/1636nvd
www.securityfocus.com/archive/1/446228/100/0/threadednvd
www.securityfocus.com/bid/20067nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000