Thttpd Security Vulnerabilities and Issues — Thttpd CVE List

Lucene search

Acme LabsThttpd

10 matches found

CVE•added 2006/03/09 12:2 a.m.•88 views

CVE-2006-1078

Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the...

8.4CVSS6.9AI score0.00228EPSS

CVE•added 2006/10/31 7:7 p.m.•75 views

CVE-2006-4248

thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.

7.2CVSS6.2AI score0.00049EPSS

CVE•added 2001/01/22 5:0 a.m.•62 views

CVE-2000-0900

Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.

7.5CVSS6.7AI score0.01189EPSS

CVE•added 2007/02/02 9:28 p.m.•62 views

CVE-2007-0664

thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.

5CVSS6.5AI score0.02893EPSS

CVE•added 2006/03/09 12:2 a.m.•61 views

CVE-2006-1079

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and ...

7.2CVSS6.8AI score0.00185EPSS

CVE•added 2003/05/12 4:0 a.m.•58 views

CVE-2002-1562

Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header.

5CVSS9.4AI score0.01609EPSS

CVE•added 2000/10/20 4:0 a.m.•51 views

CVE-2000-0359

Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.

10CVSS7.8AI score0.03658EPSS

CVE•added 2005/11/06 11:2 a.m.•42 views

CVE-2005-3124

syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.

2.1CVSS6.1AI score0.00103EPSS

CVE•added 2005/12/04 10:0 p.m.•39 views

CVE-2004-2628

Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:").

5CVSS6.9AI score0.08486EPSS

CVE•added 2003/04/02 5:0 a.m.•33 views

CVE-2002-0733

Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.

7.5CVSS7.2AI score0.09589EPSS