{"published": "2000-02-29T00:00:00", "id": "EDB-ID:19785", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "history": [], "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "hash": "a268b9726a526236d83b4c2b4c76fa1558354c61a1b62b6173673f8096149b67", "description": "The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2 .0b1 Arbitrary File Inclusion. CVE-2000-0208. Remote exploit for unix platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/19785/", "lastseen": "2016-02-02T12:42:32", "edition": 1, "title": "The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2 .0b1 - Arbitrary File Inclusion", "osvdbidlist": ["89"], "modified": "2000-02-29T00:00:00", "bulletinFamily": "exploit", "cvelist": ["CVE-2000-0208"], "sourceHref": "https://www.exploit-db.com/download/19785/", "references": [], "reporter": "Geoff Hutchison", "sourceData": "source: http://www.securityfocus.com/bid/1026/info\r\n\r\nht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by the opening singlw quote character ( ` ) is taken as a path to a file for inclusion, for example:\r\nsome_parameter:\t`var/htdig/some_file`\r\n\r\nhtdig will also allow included files to be specified via form input. Therefore, any file can be specified for inclusion into a variable by any web user.\r\n\r\nThe URL:\r\nhttp ://target/cgi-bin/htsearch?Exclude=%60/etc/passwd%60\r\nwill return a page with the contents of /etc/passwd in the 'exclude' field.", "objectVersion": "1.0"}

{"cve": [{"lastseen": "2016-09-03T02:35:10", "references": ["http://www.securityfocus.com/bid/1026"], "description": "The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.", "edition": 1, "reporter": "NVD", "published": "2000-02-29T00:00:00", "title": "CVE-2000-0208", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T02:35:10", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2000-0208"], "scanner": [], "cpe": ["cpe:/a:htdig:htdig:3.1.4", "cpe:/a:htdig:htdig:3.1.3", "cpe:/a:htdig:htdig:3.1.1", "cpe:/a:htdig:htdig:3.1.2", "cpe:/a:htdig:htdig:3.2.0b1"], "modified": "2008-09-10T15:03:18", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0208", "id": "CVE-2000-0208", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:55", "references": [], "edition": 1, "description": "## Vulnerability Description\nht://Dig contains a flaw that allows a remote attacker to access arbitrary files. This flaw exists because the 'htsearch.cgi' script does not validate user-supplied input containing backticks (`), which could allow a remote attacker to access arbitrary files resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, The ht://Dig Group has released a patch to address this vulnerability.\n## Short Description\nht://Dig contains a flaw that allows a remote attacker to access arbitrary files. This flaw exists because the 'htsearch.cgi' script does not validate user-supplied input containing backticks (`), which could allow a remote attacker to access arbitrary files resulting in a loss of confidentiality.\n## Manual Testing Notes\nhttp://[victim]/cgi-bin/htsearch?exclude=%60/etc/passwd%60\n## References:\nVendor URL: http://www.htdig.org/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2000/20000227)\n[Vendor Specific Advisory URL](http://www.turbolinux.com/pipermail/tl-security-announce/2000-March/000004.html)\n[Vendor Specific Advisory URL](ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:06-htdig.asc)\n[Vendor Specific Advisory URL](http://www.suse.de/de/security/suse_security_announce_42.txt)\n[Nessus Plugin ID:10105](https://vulners.com/search?query=pluginID:10105)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-02/0385.html\nISS X-Force ID: 4052\n[CVE-2000-0208](https://vulners.com/cve/CVE-2000-0208)\nBugtraq ID: 1026\n", "reporter": "Geoff Hutchison(ghutchis@wso.williams.edu)", "published": "2000-02-28T13:51:06", "type": "osvdb", "title": "ht://Dig htsearch.cgi Arbitrary File Access", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "ht://Dig", "version": "3.1.4", "operator": "eq"}, {"name": "ht://Dig", "version": "3.2.0b1", "operator": "eq"}], "cvelist": ["CVE-2000-0208"], "modified": "2000-02-28T13:51:06", "href": "https://vulners.com/osvdb/OSVDB:89", "id": "OSVDB:89", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-01T23:36:59", "references": ["http://www.debian.org/security/2000/20000227"], "pluginID": "10105", "description": "The 'htsearch' CGI, which is part of the htdig package, allows anyone to read arbitrary files on the target host.", "edition": 4, "reporter": "Tenable", "published": "2000-03-03T00:00:00", "title": "ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CGI abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-1999-0978", "CVE-2000-0208"], "modified": "2018-06-13T00:00:00", "cpe": [], "id": "HTDIG.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=10105", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(10105);\n script_version (\"1.34\");\n\n script_cve_id(\"CVE-1999-0978\", \"CVE-2000-0208\");\n script_bugtraq_id(867, 1026);\n\n script_name(english:\"ht://Dig < 3.1.5 htsearch CGI Multiple Vulnerabilities\");\n script_summary(english:\"Checks if htdig is vulnerable\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web search engine that is affected by an\ninformation disclosure vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The 'htsearch' CGI, which is part of the htdig package, allows anyone\nto read arbitrary files on the target host.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.debian.org/security/2000/20000227\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to htdigg 3.1.5 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:W/RC:ND\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2000/03/03\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"1999/12/09\");\n script_cvs_date(\"Date: 2018/06/13 18:56:27\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses\");\n script_dependencie(\"http_version.nasl\", \"find_service1.nasl\", \"no404.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80);\n\nforeach dir (cgi_dirs())\n{\n res = http_send_recv3(\n method:\"GET\", \n item:string(dir, \"/htsearch?exclude=%60/etc/passwd%60\"), \n port:port\n );\n if (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n \n if(egrep(pattern:\".*root:.*:0:[01]:.*\", string:res[2])){\n security_warning(port);\n exit(0);\n }\n}\n\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}