CVE-2017-10974 — AI Deep Analysis Summary

🚨 **Essence**: Yaws Web Server (v1.91) has a critical **HTTP Directory Traversal** flaw. 📉 **Consequences**: Attackers can read sensitive files, specifically the **SSL Private Key**, leading to total server compromise.

🛡️ **Root Cause**: **Unauthenticated Local File Inclusion (LFI)**. The server fails to sanitize input paths, allowing `../` sequences to escape the web root. 🐛 **Flaw**: Poor path validation in the request handler.

📦 **Affected**: **Yaws** (Yet Another Web Server) based on Erlang. 📅 **Version**: Specifically **v1.91**. 🌐 **Mode**: Both standalone and embedded execution modes are at risk.

💻 **Hackers Can**: Read arbitrary files on the server. 🔑 **Key Data**: Access the **SSL Private Key**. 🕵️ **Impact**: Decrypt HTTPS traffic, impersonate the server, and gain deeper system access.

⚡ **Threshold**: **LOW**. 🔓 **Auth**: **Unauthenticated**. No login required. 🌍 **Config**: Exploitable via standard HTTP requests on port 8080. Easy to trigger remotely.

🔓 **Public Exp?**: **YES**. 📜 **PoC**: Available on Exploit-DB (ID: 42303) and ProjectDiscovery Nuclei templates. 🌐 **Wild Exploitation**: High risk due to simple `/%5C../` payload.

🔍 **Self-Check**: Scan for Yaws server banners. 🧪 **Test**: Send `GET /%5C../` to port 8080. 👀 **Result**: If server responds with file content (not 404), it is vulnerable.

🛠️ **Official Fix**: The data implies a fix exists for versions > 1.91. 📥 **Action**: Upgrade Yaws to the latest stable version. 🔄 **Mitigation**: Apply vendor patches immediately upon release.

🚧 **No Patch?**: Block external access to port 8080. 🚫 **WAF**: Configure rules to block `../` or `%5C../` in URL paths. 🔒 **Restrict**: Limit file access permissions on the server OS.

🔥 **Urgency**: **CRITICAL**. 🚨 **Priority**: **P1**. Since it is unauthenticated and exposes SSL keys, immediate patching or mitigation is required to prevent data breach.