Thttpd Security Vulnerabilities and Issues — Thttpd CVE List

Lucene search

Acme LabsThttpd

4 matches found

CVE•added 2006/10/31 7:7 p.m.•75 views

CVE-2006-4248

thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.

7.2CVSS6.2AI score0.00049EPSS

CVE•added 2001/01/22 5:0 a.m.•62 views

CVE-2000-0900

Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.

7.5CVSS6.7AI score0.01189EPSS

CVE•added 2006/03/09 12:2 a.m.•61 views

CVE-2006-1079

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and ...

7.2CVSS6.8AI score0.00185EPSS

CVE•added 2003/04/02 5:0 a.m.•33 views

CVE-2002-0733

Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.

7.5CVSS7.2AI score0.09589EPSS