230 matches found
FreeBSD-SA-00:73.thttpd
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:73 Security Advisory FreeBSD, Inc. Topic: thttpd allows remote reading of local files Category: ports Module: thttpd Announced: 2000-11-20 Credits: [email protected]...
thttpd ssi: retrieval of arbitrary world-readable files
thttpd 2.19 and earlier server-side-includes CGI program ssi allows retrieval of arbitrary world-readable files Date: October 2, 2000 Application: thttpd 2.19 and before Author: ghandi [email protected] Vendor Status: merged patches into thttpd 2.20 Fix: upgrade into thttpd 2.20 1. Description...
Дырка в thttpd (ssi CGI file retrieval)
Исполользуя абсолютный путь в Cgi-скрипте ssi можно получить доступ к любому открытому файлу в системе...
thttpd-219.txt
thttpd 2.19 and earlier server-side-includes CGI program ssi allows retrieval of arbitrary world-readable files Date: October 2, 2000 Application: thttpd 2.19 and before Author: ghandi Vendor Status: merged patches into thttpd 2.20 Fix: upgrade into thttpd 2.20 1. Description The included cgi-bin...
thttpd ssi Servlet Encoded Traversal Arbitrary File Access
The version of thttpd running on the remote host comes with a CGI script, 'ssi', that fails to completely sanitize its PATHTRANSLATED argument of encoded directory sequences. An unauthenticated, remote attacker can use this issue to read arbitrary files on the remote host, subject to the privileg...
CVE-2000-0359
thttpd (Trivial HTTP) prior to version 2.05 is affected by a remote buffer overflow triggered by a long If-Modified-Since header. The CVE-2000-0359 entry indicates an overflow that can allow remote code execution or denial of service. Public details in connected documents specify the vulnerable c...
CVE-1999-1456
thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / slash character in the filename...
CVE-1999-1457
Buffer overflow in thttpd HTTP server before 2.04-31 allows remote attackers to execute arbitrary commands via a long date string, which is not properly handled by the tdateparse function...
thttpd 2.04 If-Modified-Since Header Remote Buffer Overflow
It is possible to make the remote thttpd server execute arbitrary code by sending a request like : GET / HTTP/1.0 If-Modified-Since: AAA...AAAA An attacker may use this to gain control on your computer. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10285; scriptversi...
thttpd Double Slash Request Arbitrary File Access
The remote HTTP server allows an attacker to read arbitrary files on the remote host with the privileges of the web server, simply by adding a slash in front of its name. For instance, 'GET //etc/passwd' will return the contents of the remote file '/etc/passwd'. C Tenable Network Security, Inc...