This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Yakuzo reports :
H2O (up to version 1.4.4 / 1.5.0-beta1) contains a flaw in its URL
When file.dir directive is used, this flaw allows a remote attacker to
retrieve arbitrary files that exist outside the directory specified by
H2O version 1.4.5 and version 1.5.0-beta2 have been released to
address this vulnerability.
Users are advised to upgrade their servers immediately.
The vulnerability was reported by: Yusuke OSUMI.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 4.3