Lucene search
K
Acme LabsThttpd

10 matches found

CVE
CVE
added 2006/03/09 12:0 a.m.110 views

CVE-2006-1078

Concrete details found: CVE-2006-1078 concerns multiple buffer overflows in the htpasswd utility used by Acme thttpd 2.25b. The vulnerabilities allow a local attacker to gain or escalate privileges via (1) a long command-line argument and (2) a long line in a file. The advisory notes htpasswd is ...

8.4CVSS6.9AI score0.00526EPSS
CVE
CVE
added 2006/10/31 7:0 p.m.99 views

CVE-2006-4248

CVE-2006-4248 affects thttpd (notably in Debian and related distributions) and involves a local symlink attack that allows a local user to create or touch arbitrary files via insecure temporary file usage in start_thttpd during log rotation. The root cause is the use of insecure temporary files, ...

7.2CVSS6.2AI score0.00368EPSS
CVE
CVE
added 2006/03/09 12:0 a.m.78 views

CVE-2006-1079

CVE-2006-1079 concerns the htpasswd utility used by Acme thttpd (notably 2.25b) where local users can escalate privileges through shell metacharacters passed as command-line arguments to system(). Several sourced entries indicate this vulnerability exists in htpasswd and note the issue may be exp...

7.2CVSS6.8AI score0.00393EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.76 views

CVE-2000-0900

Summary: CVE-2000-0900 affects thttpd’s built-in ssi CGI when used with versions 2.19 and earlier. A remote attacker can exploit a directory traversal flaw by using encoded path sequences (e.g., %2e%2e) to read arbitrary files via the ssi handler. The issue is identical to an encoded traversal vu...

7.5CVSS6.7AI score0.02022EPSS
CVE
CVE
added 2007/02/02 12:0 a.m.74 views

CVE-2007-0664

CVE-2007-0664 affects thttpd prior to 2.25b-r6 when started from the system root (/) by Gentoo baselayout 1.12.6, causing the web server root to be "/" and enabling remote attackers to read arbitrary files. The underlying change to start-stop-daemon is cited in Gentoo GLSA 200701-28 and related a...

5CVSS6.5AI score0.02834EPSS
CVE
CVE
added 2003/04/26 4:0 a.m.70 views

CVE-2002-1562

The CVE-2002-1562 entry affects thttpd in virtual-hosting mode, where a remote attacker can read arbitrary files by injecting a path into the Host header (directory traversal). Related advisories (CAN-2002-1562 and CAN-2003-0899) describe an information leak and remote code execution via a crafte...

5CVSS9.4AI score0.02812EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.66 views

CVE-2000-0359

thttpd (Trivial HTTP) prior to version 2.05 is affected by a remote buffer overflow triggered by a long If-Modified-Since header. The CVE-2000-0359 entry indicates an overflow that can allow remote code execution or denial of service. Public details in connected documents specify the vulnerable c...

10CVSS7.8AI score0.05434EPSS
CVE
CVE
added 2005/11/06 11:0 a.m.55 views

CVE-2005-3124

CVE-2005-3124 affects the syslogtocern script in Acme thttpd prior to 2.23, enabling local attackers to overwrite arbitrary files via a symlink attack on a temporary file. Public advisories (Debian DSA-883-1, SUSE, Ubuntu, OpenVAS/Nessus entries) describe insecure temporary-file handling in thttp...

2.1CVSS6.1AI score0.00367EPSS
CVE
CVE
added 2005/12/04 10:0 p.m.52 views

CVE-2004-2628

CVE-2004-2628 affects thttpd 2.07 beta 0.4 running on Windows, enabling remote attackers to read arbitrary files via a URL containing a hex-encoded backslash dot-dot sequence (.., %5C..), or a drive letter (e.g., C:). The root cause is a directory traversal vulnerability in the URL path handling,...

5CVSS6.9AI score0.03623EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.46 views

CVE-2002-0733

CVE-2002-0733 is a cross-site scripting vulnerability in thttpd 2.20 and earlier. The issue arises when a crafted URL to a nonexistent page is inserted into a 404 error page, enabling remote attackers to execute arbitrary script in the context of the user viewing the error page. The connected dat...

7.5CVSS7.2AI score0.08028EPSS