CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.

Date published : 2016-01-12

http://blog.prosody.im/prosody-0-9-9-security-release/

https://prosody.im/issues/issue/520