CVE-2001-0834

htsearch CGI program in htdig ht://Dig 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to 1 cause a denial of service CPU consumption by specifying a large file such as /dev/zero, or 2 read arbitrary files by uploading...

Re: Bug found in ht://Dig htsearch CGI

Name: ht://Dig htsearch CGI Versions affected: 3.1.0b2 and more recent, including 3.1.5 and 3.2.0b3 Vulnerability: Potential remote exposure. Denial of Service. Details: The htsearch CGI runs as both the CGI and as a command-line program. The command-line program accepts the -c filename to read i...