Lucene search
GoogleOSV:DLA-490-1HistoryMay 26, 2016 - 12:00 a.m.
bozohttpd - security update
2016-05-2600:00:00
Google
osv.dev
8
0.016 Low
EPSS
Percentile
87.6%
Two security vulnerabilities have been discovered in bozohttpd, a small
HTTP server.
- CVE-2014-5015
Bozotic HTTP server (aka bozohttpd) before 201407081 truncates
paths when checking .htpasswd restrictions, which allows remote
attackers to bypass the HTTP authentication scheme and access
restrictions via a long path. - CVE-2015-8212
A flaw in CGI suffix handler support was found, if the -C option
has been used to setup a CGI handler, that could result in remote
code execution.
For Debian 7 Wheezy, these problems have been fixed in version
20111118-1+deb7u1.
We recommend that you upgrade your bozohttpd packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>
| CPE | Name | Operator | Version |
|---|---|---|---|
| bozohttpd | eq | 20111118-1 |
References
Related
openvas
openvas
Debian: Security Advisory (DLA-490-1)
2023-03-08 00:00:00
nessus
nessus
Debian DLA-490-1 : bozohttpd security update
2016-05-26 00:00:00
debian
debian
[SECURITY] [DLA 490-1] bozohttpd security update
2016-05-26 05:04:21
prion
prion
Code injection
2017-01-19 20:59:00
Design/Logic Flaw
2014-07-24 14:55:00
ubuntucve
ubuntucve
CVE-2015-8212
2017-01-19 00:00:00
CVE-2014-5015
2014-07-24 00:00:00
cvelist
cvelist
CVE-2015-8212
2017-01-19 20:00:00
CVE-2014-5015
2014-07-24 14:00:00
nvd
nvd
CVE-2015-8212
2017-01-19 20:59:00
CVE-2014-5015
2014-07-24 14:55:09
cve
cve
CVE-2015-8212
2017-01-19 20:59:00
CVE-2014-5015
2014-07-24 14:55:09