High severityNVD Advisory· Published Jul 23, 2025· Updated Apr 15, 2026

CVE-2010-10012

Description

A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal patterns, an attacker can escape the web root and access sensitive files outside of the intended directory.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/httpdasm_directory_traversal.rbnvd
www.exploit-db.com/exploits/15861nvd
www.japheth.de/httpdASM.htmlnvd
www.vulncheck.com/advisories/httpasm-path-traversalnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.049
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000