20 vulnerabilities found for thttpd by acme_labs
CVE-2007-0664 (GCVE-0-2007-0664)
Vulnerability from nvd – Published: 2007-02-02 00:00 – Updated: 2024-08-07 12:26
Summary
thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=142047"
},
{
"name": "24018",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/24018"
},
{
"name": "31965",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://osvdb.org/31965"
},
{
"name": "22349",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22349"
},
{
"name": "GLSA-200701-28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:30.124869",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://bugs.gentoo.org/show_bug.cgi?id=142047"
},
{
"name": "24018",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/24018"
},
{
"name": "31965",
"tags": [
"vdb-entry"
],
"url": "http://osvdb.org/31965"
},
{
"name": "22349",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/22349"
},
{
"name": "GLSA-200701-28",
"tags": [
"vendor-advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0664",
"datePublished": "2007-02-02T00:00:00",
"dateReserved": "2007-02-02T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4248 (GCVE-0-2006-4248)
Vulnerability from nvd – Published: 2006-10-31 19:00 – Updated: 2024-08-07 19:06
Summary
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20891",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-11-08T10:00:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "20891",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-4248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22712"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-4248",
"datePublished": "2006-10-31T19:00:00",
"dateReserved": "2006-08-21T00:00:00",
"dateUpdated": "2024-08-07T19:06:06.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1078 (GCVE-0-2006-1078)
Vulnerability from nvd – Published: 2006-03-09 00:00 – Updated: 2025-01-16 20:02
Summary
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
Severity ?
8.4 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070102 Apache 1.3.37 htpasswd buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html"
},
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "20041029 Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2004/Oct/0359.html"
},
{
"name": "16972",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"tags": [
"x_transferred"
],
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41279"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "thttpd-command-file-bo(25216)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25216"
},
{
"name": "20040916 FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31975"
},
{
"name": "20041029 Apache 1.3.33 local buffer overflow in apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html"
},
{
"name": "apache-htpasswd-strcpy-bo(31236)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31236"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2006-1078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:01:08.855744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T20:02:13.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:25.293891",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070102 Apache 1.3.37 htpasswd buffer overflow vulnerability",
"tags": [
"mailing-list"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html"
},
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "20041029 Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/bugtraq/2004/Oct/0359.html"
},
{
"name": "16972",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41279"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "thttpd-command-file-bo(25216)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25216"
},
{
"name": "20040916 FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory.",
"tags": [
"mailing-list"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html"
},
{
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31975"
},
{
"name": "20041029 Apache 1.3.33 local buffer overflow in apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list"
],
"url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html"
},
{
"name": "apache-htpasswd-strcpy-bo(31236)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31236"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1078",
"datePublished": "2006-03-09T00:00:00",
"dateReserved": "2006-03-08T00:00:00",
"dateUpdated": "2025-01-16T20:02:13.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1079 (GCVE-0-2006-1079)
Vulnerability from nvd – Published: 2006-03-09 00:00 – Updated: 2024-08-07 16:56
Summary
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "thttpd-command-line-bo(25217)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25217"
},
{
"name": "16972",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"name": "23828",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.osvdb.org/23828"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:23.451395",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "thttpd-command-line-bo(25217)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25217"
},
{
"name": "16972",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"name": "23828",
"tags": [
"vdb-entry"
],
"url": "http://www.osvdb.org/23828"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1079",
"datePublished": "2006-03-09T00:00:00",
"dateReserved": "2006-03-08T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3124 (GCVE-0-2005-3124)
Vulnerability from nvd – Published: 2005-11-06 11:00 – Updated: 2024-08-07 23:01
Summary
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-883",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-20T10:00:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-883",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-883",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3124",
"datePublished": "2005-11-06T11:00:00",
"dateReserved": "2005-10-03T00:00:00",
"dateUpdated": "2024-08-07T23:01:58.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2628 (GCVE-0-2004-2628)
Vulnerability from nvd – Published: 2005-12-04 22:00 – Updated: 2024-08-08 01:36
Summary
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:").
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:24.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence (\"%5C..\") or (2) a drive letter (such as \"C:\")."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence (\"%5C..\") or (2) a drive letter (such as \"C:\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040804 Bug@thttpd",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"name": "http://www.acme.com/software/thttpd/#releasenotes",
"refsource": "MISC",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2628",
"datePublished": "2005-12-04T22:00:00",
"dateReserved": "2005-12-04T00:00:00",
"dateUpdated": "2024-08-08T01:36:24.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1562 (GCVE-0-2002-1562)
Vulnerability from nvd – Published: 2003-04-26 04:00 – Updated: 2024-08-08 03:26
Summary
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://news.php.net/article.php?group=php.cvs\u0026article=15698",
"refsource": "CONFIRM",
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"name": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2",
"refsource": "CONFIRM",
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1562",
"datePublished": "2003-04-26T04:00:00",
"dateReserved": "2003-04-22T00:00:00",
"dateUpdated": "2024-08-08T03:26:28.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0733 (GCVE-0-2002-0733)
Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:56
Summary
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-07-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt",
"refsource": "MISC",
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"name": "http://www.acme.com/software/thttpd/#releasenotes",
"refsource": "CONFIRM",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0733",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-25T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0900 (GCVE-0-2000-0900)
Vulnerability from nvd – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:37
Summary
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a \"%2e%2e\" string, a variation of the .. (dot dot) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a \"%2e%2e\" string, a variation of the .. (dot dot) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0900",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:31.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0359 (GCVE-0-2000-0359)
Vulnerability from nvd – Published: 2000-07-12 04:00 – Updated: 2024-08-08 05:14
Summary
Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1248"
},
{
"name": "19991116 Security hole in thttpd 1.90a - 2.04",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_30.html"
},
{
"name": "19991113 thttpd 2.04 stack overflow (VD#6)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/1626.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1248"
},
{
"name": "19991116 Security hole in thttpd 1.90a - 2.04",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_30.html"
},
{
"name": "19991113 thttpd 2.04 stack overflow (VD#6)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/1626.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1248"
},
{
"name": "19991116 Security hole in thttpd 1.90a - 2.04",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_30.html"
},
{
"name": "19991113 thttpd 2.04 stack overflow (VD#6)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/1626.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0359",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-05-23T00:00:00",
"dateUpdated": "2024-08-08T05:14:21.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0664 (GCVE-0-2007-0664)
Vulnerability from cvelistv5 – Published: 2007-02-02 00:00 – Updated: 2024-08-07 12:26
Summary
thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=142047"
},
{
"name": "24018",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/24018"
},
{
"name": "31965",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://osvdb.org/31965"
},
{
"name": "22349",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22349"
},
{
"name": "GLSA-200701-28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:30.124869",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://bugs.gentoo.org/show_bug.cgi?id=142047"
},
{
"name": "24018",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/24018"
},
{
"name": "31965",
"tags": [
"vdb-entry"
],
"url": "http://osvdb.org/31965"
},
{
"name": "22349",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/22349"
},
{
"name": "GLSA-200701-28",
"tags": [
"vendor-advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0664",
"datePublished": "2007-02-02T00:00:00",
"dateReserved": "2007-02-02T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4248 (GCVE-0-2006-4248)
Vulnerability from cvelistv5 – Published: 2006-10-31 19:00 – Updated: 2024-08-07 19:06
Summary
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20891",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-11-08T10:00:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "20891",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-4248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22712"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-4248",
"datePublished": "2006-10-31T19:00:00",
"dateReserved": "2006-08-21T00:00:00",
"dateUpdated": "2024-08-07T19:06:06.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1078 (GCVE-0-2006-1078)
Vulnerability from cvelistv5 – Published: 2006-03-09 00:00 – Updated: 2025-01-16 20:02
Summary
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
Severity ?
8.4 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070102 Apache 1.3.37 htpasswd buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html"
},
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "20041029 Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2004/Oct/0359.html"
},
{
"name": "16972",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"tags": [
"x_transferred"
],
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41279"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "thttpd-command-file-bo(25216)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25216"
},
{
"name": "20040916 FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31975"
},
{
"name": "20041029 Apache 1.3.33 local buffer overflow in apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html"
},
{
"name": "apache-htpasswd-strcpy-bo(31236)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31236"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2006-1078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:01:08.855744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T20:02:13.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:25.293891",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070102 Apache 1.3.37 htpasswd buffer overflow vulnerability",
"tags": [
"mailing-list"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html"
},
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "20041029 Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/bugtraq/2004/Oct/0359.html"
},
{
"name": "16972",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41279"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "thttpd-command-file-bo(25216)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25216"
},
{
"name": "20040916 FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory.",
"tags": [
"mailing-list"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html"
},
{
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31975"
},
{
"name": "20041029 Apache 1.3.33 local buffer overflow in apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list"
],
"url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html"
},
{
"name": "apache-htpasswd-strcpy-bo(31236)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31236"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1078",
"datePublished": "2006-03-09T00:00:00",
"dateReserved": "2006-03-08T00:00:00",
"dateUpdated": "2025-01-16T20:02:13.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1079 (GCVE-0-2006-1079)
Vulnerability from cvelistv5 – Published: 2006-03-09 00:00 – Updated: 2024-08-07 16:56
Summary
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "thttpd-command-line-bo(25217)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25217"
},
{
"name": "16972",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"name": "23828",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.osvdb.org/23828"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:23.451395",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "thttpd-command-line-bo(25217)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25217"
},
{
"name": "16972",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"name": "23828",
"tags": [
"vdb-entry"
],
"url": "http://www.osvdb.org/23828"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1079",
"datePublished": "2006-03-09T00:00:00",
"dateReserved": "2006-03-08T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2628 (GCVE-0-2004-2628)
Vulnerability from cvelistv5 – Published: 2005-12-04 22:00 – Updated: 2024-08-08 01:36
Summary
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:").
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:24.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence (\"%5C..\") or (2) a drive letter (such as \"C:\")."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence (\"%5C..\") or (2) a drive letter (such as \"C:\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040804 Bug@thttpd",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"name": "http://www.acme.com/software/thttpd/#releasenotes",
"refsource": "MISC",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2628",
"datePublished": "2005-12-04T22:00:00",
"dateReserved": "2005-12-04T00:00:00",
"dateUpdated": "2024-08-08T01:36:24.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3124 (GCVE-0-2005-3124)
Vulnerability from cvelistv5 – Published: 2005-11-06 11:00 – Updated: 2024-08-07 23:01
Summary
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-883",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-20T10:00:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-883",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-883",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3124",
"datePublished": "2005-11-06T11:00:00",
"dateReserved": "2005-10-03T00:00:00",
"dateUpdated": "2024-08-07T23:01:58.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1562 (GCVE-0-2002-1562)
Vulnerability from cvelistv5 – Published: 2003-04-26 04:00 – Updated: 2024-08-08 03:26
Summary
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://news.php.net/article.php?group=php.cvs\u0026article=15698",
"refsource": "CONFIRM",
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"name": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2",
"refsource": "CONFIRM",
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1562",
"datePublished": "2003-04-26T04:00:00",
"dateReserved": "2003-04-22T00:00:00",
"dateUpdated": "2024-08-08T03:26:28.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0733 (GCVE-0-2002-0733)
Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:56
Summary
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-07-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt",
"refsource": "MISC",
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"name": "http://www.acme.com/software/thttpd/#releasenotes",
"refsource": "CONFIRM",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0733",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-25T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0900 (GCVE-0-2000-0900)
Vulnerability from cvelistv5 – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:37
Summary
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a \"%2e%2e\" string, a variation of the .. (dot dot) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a \"%2e%2e\" string, a variation of the .. (dot dot) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0900",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:31.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0359 (GCVE-0-2000-0359)
Vulnerability from cvelistv5 – Published: 2000-07-12 04:00 – Updated: 2024-08-08 05:14
Summary
Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:14:21.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1248"
},
{
"name": "19991116 Security hole in thttpd 1.90a - 2.04",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_30.html"
},
{
"name": "19991113 thttpd 2.04 stack overflow (VD#6)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/1626.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1248"
},
{
"name": "19991116 Security hole in thttpd 1.90a - 2.04",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_30.html"
},
{
"name": "19991113 thttpd 2.04 stack overflow (VD#6)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/1626.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1248"
},
{
"name": "19991116 Security hole in thttpd 1.90a - 2.04",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/suse_security_announce_30.html"
},
{
"name": "19991113 thttpd 2.04 stack overflow (VD#6)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/1626.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0359",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-05-23T00:00:00",
"dateUpdated": "2024-08-08T05:14:21.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}