Softrex Tornado WWW-Server File Disclosure Vulnerability

info
discussion
exploit
solution
references

Softrex Tornado WWW-Server File Disclosure Vulnerability

It has been announced that Tornado www-Server is vulnerable to a condition that may result in the disclosure of potentially sensitive information.

According to the report, Tornado www-Server does not perform sufficient sanitization on client requested paths which include "../" character sequences.