Sparkjava Framework – Arbitrary File Read Vulnerability

Posted by aj on Nov 02

Hey folks,

Spark (sparkjava.com) is a mildly hyped Java micro web framework that
also provides functionality to serve static files. Unfortunately,
there’s no protection against directory traversal attacks and I haven’t
been able to contact anyone related to the project (after trying 4
people over 2 weeks). As this bug is not that awesome, and fairly
trivial to find, please help yourself to some semi-shitty 0-day.

If configured, Spark…
