FKIE_CVE-2010-2320

Vulnerability from fkie_nvd - Published: 2010-08-02 20:40 - Updated: 2025-04-11 00:51
Severity ?
Summary
bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences.
References
cve@mitre.orghttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298Exploit
cve@mitre.orghttp://secunia.com/advisories/40737Vendor Advisory
cve@mitre.orghttp://security-tracker.debian.org/tracker/CVE-2010-2320
cve@mitre.orghttp://www.eterna.com.au/bozohttpd/CHANGES
cve@mitre.orghttps://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473Exploit
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/60812
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298Exploit
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40737Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security-tracker.debian.org/tracker/CVE-2010-2320
af854a3a-2127-422b-91ae-364da2661108http://www.eterna.com.au/bozohttpd/CHANGES
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473Exploit
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/60812
Impacted products
Vendor Product Version
eterna bozohttpd *
eterna bozohttpd 19990519
eterna bozohttpd 20000421
eterna bozohttpd 20000426
eterna bozohttpd 20000427
eterna bozohttpd 20000815
eterna bozohttpd 20000825
eterna bozohttpd 20010610
eterna bozohttpd 20010812
eterna bozohttpd 20010922
eterna bozohttpd 20020710
eterna bozohttpd 20020730
eterna bozohttpd 20020803
eterna bozohttpd 20020804
eterna bozohttpd 20020823
eterna bozohttpd 20020913
eterna bozohttpd 20021106
eterna bozohttpd 20030313
eterna bozohttpd 20030409
eterna bozohttpd 20030626
eterna bozohttpd 20031005
eterna bozohttpd 20040218
eterna bozohttpd 20040808
eterna bozohttpd 20050410
eterna bozohttpd 20060517
eterna bozohttpd 20060710
eterna bozohttpd 20080303
eterna bozohttpd 20090417
eterna bozohttpd 20090522
eterna bozohttpd 20100509
eterna bozohttpd 20100512
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D910A925-6561-46D1-AF53-97B9E10909DA",
              "versionEndIncluding": "20100617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:19990519:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5BA38EE-559D-4341-8291-788C74EE4346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20000421:*:*:*:*:*:*:*",
              "matchCriteriaId": "930F7A3F-A7C8-4603-A4E5-9AB3C27F7355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20000426:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0A6287D-F9C0-4934-84CA-22572806AE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20000427:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A9C2032-F26A-4D5B-A631-4EA68ABD4FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20000815:*:*:*:*:*:*:*",
              "matchCriteriaId": "860DBF31-9655-417A-B2C7-5F389B675FB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20000825:*:*:*:*:*:*:*",
              "matchCriteriaId": "E72B5243-904B-4E12-BD28-DDF03EEF6B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20010610:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FC42DDE-41C9-4DAA-8EB5-CC5D5FFDCCC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20010812:*:*:*:*:*:*:*",
              "matchCriteriaId": "17457601-F61A-444D-8E33-0FE0ED723F61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20010922:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EAEC35-E205-4717-826D-F4D1FCA6DC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20020710:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA4A13CA-DCB0-4C1F-A3DA-27A36BC116B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20020730:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D86758B-C34A-4689-9B3A-9CF614D2E4F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20020803:*:*:*:*:*:*:*",
              "matchCriteriaId": "732DBCCD-B38A-47B7-BD4B-4EE4CF370AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20020804:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB916FC-4FB9-48EF-8D46-26C29D35DCD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20020823:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB26F26-3B1E-44BB-A8D1-FB823C2759B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20020913:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D2148E4-FB12-4613-8F55-1AB364363BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20021106:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8EFEEB4-07C3-459F-A807-12A21AFD94F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20030313:*:*:*:*:*:*:*",
              "matchCriteriaId": "30FA69A8-657F-44A0-999D-89EA7E24072E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20030409:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41528DD-A3C0-40D9-9DCC-4C7962337BAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20030626:*:*:*:*:*:*:*",
              "matchCriteriaId": "274EC529-8C50-44C3-96AE-9C636C9183B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20031005:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A29464-13AF-474E-B0F6-BF65F44B3EE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20040218:*:*:*:*:*:*:*",
              "matchCriteriaId": "579B9F00-9093-4D4B-9F19-0FBDA141FD31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20040808:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB017665-6823-407E-AFF3-5A8C1848B3E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20050410:*:*:*:*:*:*:*",
              "matchCriteriaId": "13BE5871-6AB5-4A4B-BD7B-59D7D6161867",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20060517:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E00FD78-FCBF-4D10-AC00-73B6838758B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20060710:*:*:*:*:*:*:*",
              "matchCriteriaId": "162B8DC7-76B5-45E3-8DF3-62C32AB0FB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20080303:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BAA49A-41BA-436B-902C-FCDE8C156C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20090417:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8280988-55E3-4A94-93E3-1064A8B54C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20090522:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1668326-2B90-4D98-859C-CFDFD7811E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20100509:*:*:*:*:*:*:*",
              "matchCriteriaId": "620F61ED-B77F-48B7-93EA-7089A9C0BBE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterna:bozohttpd:20100512:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F081AF-5022-44B4-BBB7-108374DDFADB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences."
    },
    {
      "lang": "es",
      "value": "bozotic HTTP server (tambi\u00e9n conocido como bozohttpd), en versiones anteriores a la 20100621, permite a atacantes remotos listar el contenido de los directorios home y conocer las cuentas de usuario mediante m\u00faltiples peticiones a URIs que empiezan con secuencias /~."
    }
  ],
  "id": "CVE-2010-2320",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-08-02T20:40:01.060",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40737"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security-tracker.debian.org/tracker/CVE-2010-2320"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.eterna.com.au/bozohttpd/CHANGES"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security-tracker.debian.org/tracker/CVE-2010-2320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.eterna.com.au/bozohttpd/CHANGES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60812"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.