Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2003-0899
HistoryNov 03, 2003 - 5:00 a.m.

CVE-2003-0899

2003-11-0305:00:00
CWE-131
[email protected]
web.nvd.nist.gov
38
cve-2003-0899
buffer overflow
defang
libhttpd.c
thttpd 2.21
thttpd 2.23b1
remote attackers
arbitrary code
security vulnerability
nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.193 Low

EPSS

Percentile

96.3%

JSON

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain ‘<’ or ‘>’ characters, which trigger the overflow when the characters are expanded to “<” and “>” sequences.

CPENameOperatorVersion
acme:thttpdacme thttpdeq2.23

Related

ubuntucve 1
cvelist 1
openvas 2
nessus 3
osv 1
debian 2
suse 1
ubuntucve
ubuntucve
CVE-2003-0899
2003-11-03 00:00:00
cvelist
cvelist
CVE-2003-0899
2003-10-30 05:00:00
openvas
openvas
Debian Security Advisory DSA 396-1 (thttpd)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-396)
2008-01-17 00:00:00
nessus
nessus
SuSE-SA:2003:044: thttpd
2004-07-25 00:00:00
Debian DSA-396-1 : thttpd - missing input sanitizing, wrong calculation
2004-09-29 00:00:00
thttpd Host Header Traversal Arbitrary File Access
2003-05-06 00:00:00
osv
osv
thttpd - missing input sanitizing, wrong calculation
2003-10-29 00:00:00
debian
debian
[SECURITY] [DSA 396-1] New thttpd packages fix information leak, DoS and arbitrary code execution
2003-10-29 08:00:08
[SECURITY] [DSA 396-1] New thttpd packages fix information leak, DoS and arbitrary code execution
2003-10-29 00:00:00
suse
suse
remote privilege escalation/ in thttpd
2003-10-31 12:38:13

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.193 Low

EPSS

Percentile

96.3%

JSON
Related for CVE-2003-0899
ubuntucve1cvelist1openvas2nessus3osv1debian2suse1