34 vulnerabilities found for thttpd by acme_labs
FKIE_CVE-2007-0664
Vulnerability from fkie_nvd - Published: 2007-02-02 21:28 - Updated: 2025-04-09 00:30
Summary
thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acme_labs:thttpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CE6CC7E-F28B-42D4-813D-80A7E843DCFF",
"versionEndIncluding": "2.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files."
},
{
"lang": "es",
"value": "thttpd anterior a 2.25b-r6 en Gentoo Linux es iniciado desde el directorio ra\u00edz del sistema (/) por el paquete de distribuci\u00f3n base 1.12.6 de Gentoo, lo cual permite a atacantes remotos leer archivos de su elecci\u00f3n."
}
],
"id": "CVE-2007-0664",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-02T21:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=142047"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/31965"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24018"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/22349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=142047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/31965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/22349"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4248
Vulnerability from fkie_nvd - Published: 2006-10-31 19:07 - Updated: 2025-04-09 00:30
Summary
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acme_labs:thttpd:2.25b:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE72B09-4A62-4C57-9695-AB359F6C0A2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file."
},
{
"lang": "es",
"value": "thttpd en Debian GNU/Linux, y posiblemente otras distribuciones, permite a usuarios locales crear o tocar ficheros de su elecci\u00f3n mediante un ataque de enlaces simb\u00f3licos en el fichero temporal start_thttpd."
}
],
"id": "CVE-2006-4248",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-31T19:07:00.000",
"references": [
{
"source": "security@debian.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/22712"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2006/dsa-1205"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/20891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20891"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1078
Vulnerability from fkie_nvd - Published: 2006-03-09 00:02 - Updated: 2025-04-03 01:03
Summary
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acme_labs:thttpd:2.25b:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE72B09-4A62-4C57-9695-AB359F6C0A2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en htpasswd, como se utiliza en Acme thttpd 2.25b y posiblemente otros productos tales como Apache, podr\u00edan permitir a usuarios locales obtener privilegios a trav\u00e9s de (1) un argumento de l\u00ednea de comando largo y (2) una l\u00ednea larga en un archivo. NOTA: debido a que htpasswd normalmente es instalado como un programa no setuid y la explotaci\u00f3n es a trav\u00e9s de las opciones de l\u00ednea de comando, quiz\u00e1s esta cuesti\u00f3n no deber\u00eda incluirse en la CVE. Sin embargo, si hay algunas configuraciones t\u00edpicas o recomendadas que utilizan htpasswd con privilegios de sudo o productos comunes que acceden remotamente a htpasswd, entonces tal vez deber\u00eda ser incluido."
}
],
"id": "CVE-2006-1078",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2006-03-09T00:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html"
},
{
"source": "cve@mitre.org",
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31975"
},
{
"source": "cve@mitre.org",
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41279"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2004/Oct/0359.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"source": "cve@mitre.org",
"url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16972"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25216"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2004/Oct/0359.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31236"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1079
Vulnerability from fkie_nvd - Published: 2006-03-09 00:02 - Updated: 2025-04-03 01:03
Summary
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acme_labs:thttpd:2.25b:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE72B09-4A62-4C57-9695-AB359F6C0A2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included."
},
{
"lang": "es",
"value": "htpasswd, como se utiliza en Acme thttpd 2.25b y posiblemente otros productos tales como Apache, podr\u00edan permitir a usuarios locales obtener privilegios a trav\u00e9s de metacaracteres de shell en un argumento de l\u00ednea de comando, lo que se utiliza en una llamada a la funci\u00f3n del sistema. NOTA: debido a que htpasswd normalmente es instalado como un programa no setuid y la explotaci\u00f3n es a trav\u00e9s de las opciones de l\u00ednea de comando, quiz\u00e1s esta cuesti\u00f3n deber\u00eda no incluirse en la CVE. Sin embargo, si hay algunas configuraciones t\u00edpicas o recomendadas que utilizan htpasswd con privilegios de sudo o productos comunes que acceden remotamente a a htpasswd, entonces tal vez deber\u00eda ser incluido."
}
],
"id": "CVE-2006-1079",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-09T00:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23828"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16972"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25217"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3124
Vulnerability from fkie_nvd - Published: 2005-11-06 11:02 - Updated: 2025-04-03 01:03
Summary
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acme_labs:thttpd:2.21b:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC6999F-54B3-45D0-A089-018BB469A03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acme_labs:thttpd:2.23b1:*:*:*:*:*:*:*",
"matchCriteriaId": "0058B7F6-FD3B-4CAA-BCA8-2218390DA18C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file."
}
],
"id": "CVE-2005-3124",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-06T11:02:00.000",
"references": [
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/17454"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/17472"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/15320"
},
{
"source": "security@debian.org",
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2308"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2628
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Summary
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:").
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acme_labs:thttpd:2.0.7_beta_0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "223262EF-8131-4D4B-8A44-4388E6393F2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence (\"%5C..\") or (2) a drive letter (such as \"C:\")."
}
],
"id": "CVE-2004-2628",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/10862"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/10862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2002-1562
Vulnerability from fkie_nvd - Published: 2003-05-12 04:00 - Updated: 2025-04-03 01:03
Summary
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acme_labs:thttpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "530B8573-696A-438D-A284-0454BCF1CCB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header."
},
{
"lang": "es",
"value": "Vulnerabilidad de atravesamiento de directorios en thttpd, cuando se usan servidores virtuales, permite a atacantes remotos leer ficheros mediante secuencias .. (punto punto) en la cabecera Host:"
}
],
"id": "CVE-2002-1562",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-05-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2003/dsa-396"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2002-0733
Vulnerability from fkie_nvd - Published: 2002-08-12 04:00 - Updated: 2025-04-03 01:03
Summary
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acme_labs:thttpd:2.20b:*:*:*:*:*:*:*",
"matchCriteriaId": "888C5BBF-F578-4B17-BC5E-645BC7BFC5E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencia de comandos en sitios cruzados en thttpd 2.20 y anteriores permite a atacantes remotos la ejecuci\u00f3n arbitraria de rutinas mediante una URL a una p\u00e1gina inexistente, lo cual provoca que thttpd inserte la rutina en un mensaje de error 404."
}
],
"id": "CVE-2002-0733",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-08-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"source": "cve@mitre.org",
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5125"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4601"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-0664 (GCVE-0-2007-0664)
Vulnerability from cvelistv5 – Published: 2007-02-02 00:00 – Updated: 2024-08-07 12:26
Summary
thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=142047"
},
{
"name": "24018",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/24018"
},
{
"name": "31965",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://osvdb.org/31965"
},
{
"name": "22349",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22349"
},
{
"name": "GLSA-200701-28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:30.124869",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://bugs.gentoo.org/show_bug.cgi?id=142047"
},
{
"name": "24018",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/24018"
},
{
"name": "31965",
"tags": [
"vdb-entry"
],
"url": "http://osvdb.org/31965"
},
{
"name": "22349",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/22349"
},
{
"name": "GLSA-200701-28",
"tags": [
"vendor-advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0664",
"datePublished": "2007-02-02T00:00:00",
"dateReserved": "2007-02-02T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4248 (GCVE-0-2006-4248)
Vulnerability from cvelistv5 – Published: 2006-10-31 19:00 – Updated: 2024-08-07 19:06
VLAI?
Summary
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20891",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-11-08T10:00:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "20891",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-4248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22712"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-4248",
"datePublished": "2006-10-31T19:00:00",
"dateReserved": "2006-08-21T00:00:00",
"dateUpdated": "2024-08-07T19:06:06.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1078 (GCVE-0-2006-1078)
Vulnerability from cvelistv5 – Published: 2006-03-09 00:00 – Updated: 2025-01-16 20:02
VLAI?
Summary
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
Severity ?
8.4 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070102 Apache 1.3.37 htpasswd buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html"
},
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "20041029 Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2004/Oct/0359.html"
},
{
"name": "16972",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"tags": [
"x_transferred"
],
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41279"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "thttpd-command-file-bo(25216)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25216"
},
{
"name": "20040916 FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31975"
},
{
"name": "20041029 Apache 1.3.33 local buffer overflow in apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html"
},
{
"name": "apache-htpasswd-strcpy-bo(31236)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31236"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2006-1078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:01:08.855744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T20:02:13.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:25.293891",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070102 Apache 1.3.37 htpasswd buffer overflow vulnerability",
"tags": [
"mailing-list"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html"
},
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "20041029 Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/bugtraq/2004/Oct/0359.html"
},
{
"name": "16972",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41279"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "thttpd-command-file-bo(25216)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25216"
},
{
"name": "20040916 FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory.",
"tags": [
"mailing-list"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html"
},
{
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31975"
},
{
"name": "20041029 Apache 1.3.33 local buffer overflow in apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list"
],
"url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html"
},
{
"name": "apache-htpasswd-strcpy-bo(31236)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31236"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1078",
"datePublished": "2006-03-09T00:00:00",
"dateReserved": "2006-03-08T00:00:00",
"dateUpdated": "2025-01-16T20:02:13.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1079 (GCVE-0-2006-1079)
Vulnerability from cvelistv5 – Published: 2006-03-09 00:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "thttpd-command-line-bo(25217)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25217"
},
{
"name": "16972",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"name": "23828",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.osvdb.org/23828"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:23.451395",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "thttpd-command-line-bo(25217)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25217"
},
{
"name": "16972",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"name": "23828",
"tags": [
"vdb-entry"
],
"url": "http://www.osvdb.org/23828"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1079",
"datePublished": "2006-03-09T00:00:00",
"dateReserved": "2006-03-08T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2628 (GCVE-0-2004-2628)
Vulnerability from cvelistv5 – Published: 2005-12-04 22:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:").
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:24.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence (\"%5C..\") or (2) a drive letter (such as \"C:\")."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence (\"%5C..\") or (2) a drive letter (such as \"C:\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040804 Bug@thttpd",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"name": "http://www.acme.com/software/thttpd/#releasenotes",
"refsource": "MISC",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2628",
"datePublished": "2005-12-04T22:00:00",
"dateReserved": "2005-12-04T00:00:00",
"dateUpdated": "2024-08-08T01:36:24.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3124 (GCVE-0-2005-3124)
Vulnerability from cvelistv5 – Published: 2005-11-06 11:00 – Updated: 2024-08-07 23:01
VLAI?
Summary
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-883",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-20T10:00:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-883",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-883",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3124",
"datePublished": "2005-11-06T11:00:00",
"dateReserved": "2005-10-03T00:00:00",
"dateUpdated": "2024-08-07T23:01:58.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1496 (GCVE-0-2001-1496)
Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 04:58
VLAI?
Summary
Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20011120 Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/241310"
},
{
"name": "20011123 Re: Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/241953"
},
{
"name": "3562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3562"
},
{
"name": "thttpd-basic-authentication-bo(7595)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20011120 Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/241310"
},
{
"name": "20011123 Re: Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/241953"
},
{
"name": "3562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3562"
},
{
"name": "thttpd-basic-authentication-bo(7595)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011120 Off-by-one vulnerability in thttpd!!!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/241310"
},
{
"name": "20011123 Re: Off-by-one vulnerability in thttpd!!!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/241953"
},
{
"name": "3562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3562"
},
{
"name": "thttpd-basic-authentication-bo(7595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1496",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0899 (GCVE-0-2003-0899)
Vulnerability from cvelistv5 – Published: 2003-10-30 05:00 – Updated: 2024-08-08 02:05
Summary
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8906"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "10092",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10092"
},
{
"name": "2729",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2729"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.texonet.com/advisories/TEXONET-20030908.txt"
},
{
"name": "20031027 Remote overflow in thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106729188224252\u0026w=2"
},
{
"name": "thttpd-defang-bo(13530)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain \u0027\u003c\u0027 or \u0027\u003e\u0027 characters, which trigger the overflow when the characters are expanded to \"\u0026lt;\" and \"\u0026gt;\" sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8906"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "10092",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10092"
},
{
"name": "2729",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2729"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.texonet.com/advisories/TEXONET-20030908.txt"
},
{
"name": "20031027 Remote overflow in thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106729188224252\u0026w=2"
},
{
"name": "thttpd-defang-bo(13530)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain \u0027\u003c\u0027 or \u0027\u003e\u0027 characters, which trigger the overflow when the characters are expanded to \"\u0026lt;\" and \"\u0026gt;\" sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8906"
},
{
"name": "DSA-396",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "10092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10092"
},
{
"name": "2729",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2729"
},
{
"name": "http://www.texonet.com/advisories/TEXONET-20030908.txt",
"refsource": "MISC",
"url": "http://www.texonet.com/advisories/TEXONET-20030908.txt"
},
{
"name": "20031027 Remote overflow in thttpd",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106729188224252\u0026w=2"
},
{
"name": "thttpd-defang-bo(13530)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0899",
"datePublished": "2003-10-30T05:00:00",
"dateReserved": "2003-10-28T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1562 (GCVE-0-2002-1562)
Vulnerability from cvelistv5 – Published: 2003-04-26 04:00 – Updated: 2024-08-08 03:26
Summary
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://news.php.net/article.php?group=php.cvs\u0026article=15698",
"refsource": "CONFIRM",
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"name": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2",
"refsource": "CONFIRM",
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1562",
"datePublished": "2003-04-26T04:00:00",
"dateReserved": "2003-04-22T00:00:00",
"dateUpdated": "2024-08-08T03:26:28.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0733 (GCVE-0-2002-0733)
Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:56
Summary
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-07-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt",
"refsource": "MISC",
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"name": "http://www.acme.com/software/thttpd/#releasenotes",
"refsource": "CONFIRM",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0733",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-25T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0900 (GCVE-0-2000-0900)
Vulnerability from cvelistv5 – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:37
Summary
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a \"%2e%2e\" string, a variation of the .. (dot dot) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a \"%2e%2e\" string, a variation of the .. (dot dot) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0900",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:31.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0664 (GCVE-0-2007-0664)
Vulnerability from nvd – Published: 2007-02-02 00:00 – Updated: 2024-08-07 12:26
Summary
thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:54.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=142047"
},
{
"name": "24018",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/24018"
},
{
"name": "31965",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://osvdb.org/31965"
},
{
"name": "22349",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22349"
},
{
"name": "GLSA-200701-28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:30.124869",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://bugs.gentoo.org/show_bug.cgi?id=142047"
},
{
"name": "24018",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/24018"
},
{
"name": "31965",
"tags": [
"vdb-entry"
],
"url": "http://osvdb.org/31965"
},
{
"name": "22349",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/22349"
},
{
"name": "GLSA-200701-28",
"tags": [
"vendor-advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200701-28.xml"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0664",
"datePublished": "2007-02-02T00:00:00",
"dateReserved": "2007-02-02T00:00:00",
"dateUpdated": "2024-08-07T12:26:54.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4248 (GCVE-0-2006-4248)
Vulnerability from nvd – Published: 2006-10-31 19:00 – Updated: 2024-08-07 19:06
Summary
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20891",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-11-08T10:00:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "20891",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-4248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20891"
},
{
"name": "22712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22712"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277"
},
{
"name": "DSA-1205",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-4248",
"datePublished": "2006-10-31T19:00:00",
"dateReserved": "2006-08-21T00:00:00",
"dateUpdated": "2024-08-07T19:06:06.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1078 (GCVE-0-2006-1078)
Vulnerability from nvd – Published: 2006-03-09 00:00 – Updated: 2025-01-16 20:02
Summary
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
Severity ?
8.4 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070102 Apache 1.3.37 htpasswd buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html"
},
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "20041029 Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2004/Oct/0359.html"
},
{
"name": "16972",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"tags": [
"x_transferred"
],
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41279"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "thttpd-command-file-bo(25216)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25216"
},
{
"name": "20040916 FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31975"
},
{
"name": "20041029 Apache 1.3.33 local buffer overflow in apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html"
},
{
"name": "apache-htpasswd-strcpy-bo(31236)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31236"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2006-1078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:01:08.855744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T20:02:13.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:25.293891",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070102 Apache 1.3.37 htpasswd buffer overflow vulnerability",
"tags": [
"mailing-list"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html"
},
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "20041029 Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/bugtraq/2004/Oct/0359.html"
},
{
"name": "16972",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41279"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "thttpd-command-file-bo(25216)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25216"
},
{
"name": "20040916 FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory.",
"tags": [
"mailing-list"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0547.html"
},
{
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31975"
},
{
"name": "20041029 Apache 1.3.33 local buffer overflow in apache 1.3.31 not fixed in .33?",
"tags": [
"mailing-list"
],
"url": "http://www.security-express.com/archives/fulldisclosure/2004-10/1117.html"
},
{
"name": "apache-htpasswd-strcpy-bo(31236)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31236"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1078",
"datePublished": "2006-03-09T00:00:00",
"dateReserved": "2006-03-08T00:00:00",
"dateUpdated": "2025-01-16T20:02:13.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1079 (GCVE-0-2006-1079)
Vulnerability from nvd – Published: 2006-03-09 00:00 – Updated: 2024-08-07 16:56
Summary
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "thttpd-command-line-bo(25217)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25217"
},
{
"name": "16972",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"name": "23828",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.osvdb.org/23828"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:23.451395",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060305 htpasswd bufferoverflow and command execution in thttpd-2.25b.",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/426823/100/0/threaded"
},
{
"name": "[thttpd] 20060305 Re: htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114154083000296\u0026w=2"
},
{
"name": "thttpd-command-line-bo(25217)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25217"
},
{
"name": "16972",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/16972"
},
{
"name": "23828",
"tags": [
"vdb-entry"
],
"url": "http://www.osvdb.org/23828"
},
{
"name": "[thttpd] 20060305 htpasswd.c security issues",
"tags": [
"mailing-list"
],
"url": "http://marc.info/?l=thttpd\u0026m=114153031201867\u0026w=2"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1079",
"datePublished": "2006-03-09T00:00:00",
"dateReserved": "2006-03-08T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2628 (GCVE-0-2004-2628)
Vulnerability from nvd – Published: 2005-12-04 22:00 – Updated: 2024-08-08 01:36
Summary
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:").
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:24.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence (\"%5C..\") or (2) a drive letter (such as \"C:\")."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence (\"%5C..\") or (2) a drive letter (such as \"C:\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040804 Bug@thttpd",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109164010629836\u0026w=2"
},
{
"name": "1010850",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2004/Aug/1010850.html"
},
{
"name": "http://www.acme.com/software/thttpd/#releasenotes",
"refsource": "MISC",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-directory-traversal(16882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16882"
},
{
"name": "10862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10862"
},
{
"name": "20040804 Bug@thttpd",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html"
},
{
"name": "8372",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8372"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2628",
"datePublished": "2005-12-04T22:00:00",
"dateReserved": "2005-12-04T00:00:00",
"dateUpdated": "2024-08-08T01:36:24.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3124 (GCVE-0-2005-3124)
Vulnerability from nvd – Published: 2005-11-06 11:00 – Updated: 2024-08-07 23:01
Summary
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-883",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-20T10:00:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-883",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-883",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-883"
},
{
"name": "17472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17472"
},
{
"name": "ADV-2005-2308",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2308"
},
{
"name": "17454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17454"
},
{
"name": "15320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3124",
"datePublished": "2005-11-06T11:00:00",
"dateReserved": "2005-10-03T00:00:00",
"dateUpdated": "2024-08-07T23:01:58.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1496 (GCVE-0-2001-1496)
Vulnerability from nvd – Published: 2005-06-21 04:00 – Updated: 2024-08-08 04:58
Summary
Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20011120 Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/241310"
},
{
"name": "20011123 Re: Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/241953"
},
{
"name": "3562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3562"
},
{
"name": "thttpd-basic-authentication-bo(7595)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20011120 Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/241310"
},
{
"name": "20011123 Re: Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/241953"
},
{
"name": "3562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3562"
},
{
"name": "thttpd-basic-authentication-bo(7595)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011120 Off-by-one vulnerability in thttpd!!!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/241310"
},
{
"name": "20011123 Re: Off-by-one vulnerability in thttpd!!!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/241953"
},
{
"name": "3562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3562"
},
{
"name": "thttpd-basic-authentication-bo(7595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1496",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0899 (GCVE-0-2003-0899)
Vulnerability from nvd – Published: 2003-10-30 05:00 – Updated: 2024-08-08 02:05
Summary
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8906"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "10092",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10092"
},
{
"name": "2729",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2729"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.texonet.com/advisories/TEXONET-20030908.txt"
},
{
"name": "20031027 Remote overflow in thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106729188224252\u0026w=2"
},
{
"name": "thttpd-defang-bo(13530)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain \u0027\u003c\u0027 or \u0027\u003e\u0027 characters, which trigger the overflow when the characters are expanded to \"\u0026lt;\" and \"\u0026gt;\" sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8906"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "10092",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10092"
},
{
"name": "2729",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2729"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.texonet.com/advisories/TEXONET-20030908.txt"
},
{
"name": "20031027 Remote overflow in thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106729188224252\u0026w=2"
},
{
"name": "thttpd-defang-bo(13530)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain \u0027\u003c\u0027 or \u0027\u003e\u0027 characters, which trigger the overflow when the characters are expanded to \"\u0026lt;\" and \"\u0026gt;\" sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8906"
},
{
"name": "DSA-396",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "10092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10092"
},
{
"name": "2729",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2729"
},
{
"name": "http://www.texonet.com/advisories/TEXONET-20030908.txt",
"refsource": "MISC",
"url": "http://www.texonet.com/advisories/TEXONET-20030908.txt"
},
{
"name": "20031027 Remote overflow in thttpd",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106729188224252\u0026w=2"
},
{
"name": "thttpd-defang-bo(13530)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0899",
"datePublished": "2003-10-30T05:00:00",
"dateReserved": "2003-10-28T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1562 (GCVE-0-2002-1562)
Vulnerability from nvd – Published: 2003-04-26 04:00 – Updated: 2024-08-08 03:26
Summary
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://news.php.net/article.php?group=php.cvs\u0026article=15698",
"refsource": "CONFIRM",
"url": "http://news.php.net/article.php?group=php.cvs\u0026article=15698"
},
{
"name": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2",
"refsource": "CONFIRM",
"url": "http://marc.info/?l=thttpd\u0026m=103609565110472\u0026w=2"
},
{
"name": "DSA-396",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "CLA-2003:777",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1562",
"datePublished": "2003-04-26T04:00:00",
"dateReserved": "2003-04-22T00:00:00",
"dateUpdated": "2024-08-08T03:26:28.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0733 (GCVE-0-2002-0733)
Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:56
Summary
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-07-31T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt",
"refsource": "MISC",
"url": "http://www.ifrance.com/kitetoua/tuto/5holes1.txt"
},
{
"name": "http://www.acme.com/software/thttpd/#releasenotes",
"refsource": "CONFIRM",
"url": "http://www.acme.com/software/thttpd/#releasenotes"
},
{
"name": "thttpd-error-page-css(9029)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9029.php"
},
{
"name": "4601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4601"
},
{
"name": "20020417 Smalls holes on 5 products #1",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html"
},
{
"name": "5125",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0733",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-25T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0900 (GCVE-0-2000-0900)
Vulnerability from nvd – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:37
Summary
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a \"%2e%2e\" string, a variation of the .. (dot dot) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a \"%2e%2e\" string, a variation of the .. (dot dot) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1737"
},
{
"name": "FreeBSD-SA-00:73",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc"
},
{
"name": "acme-thttpd-ssi(5313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5313"
},
{
"name": "20001002 thttpd ssi: retrieval of arbitrary world-readable files",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0900",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:31.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}