Full title: Cassandra Web 0.5.0 Remote File Read Exploit 
Category: web applications
Platform: linux
Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for the server to auth to it and provide the web access, so they are also one thing that can be captured via the arbitrary file read. Version 0.5.0 is affected.

# 0day.today @ http://0day.today/