4 matches found
CVE-2017-17663
CVE-2017-17663 affects the htpasswd component of mini_httpd (before v1.28) and thttpd (before v2.28). The vulnerability is a buffer overflow that can be exploited remotely to achieve code execution. Connected advisories corroborate a remote-code-execution impact and note fixes in later thttpd rel...
CVE-2009-4490
CVE-2009-4490 affects mini_httpd 1.19. The flaw: logging non-printable characters without sanitization may let a remote attacker craft an HTTP request with an escape sequence to modify a window title and potentially execute arbitrary code or overwrite files. The Gentoo advisory GLSA 201206-27 des...
CVE-2015-1548
The CVE-2015-1548 issue affects the mini_httpd web server (version 1.21 and earlier). A crafted HTTP request with a very long protocol string can trigger an incorrect response size calculation and an out-of-bounds read in memory, enabling information disclosure from the server process. Descriptio...
CVE-2001-0893
Acme mini_httpd before 1.16 is affected. A remote attacker can view sensitive files under the document root (e.g., .htpasswd) by issuing a GET request with a trailing /. Root cause is not more detailed in the provided documents. The impact is exposure of confidential data on the server; exploitat...