8 matches found
CVE-2017-17663
CVE-2017-17663 affects the htpasswd component of mini_httpd (before v1.28) and thttpd (before v2.28). The vulnerability is a buffer overflow that can be exploited remotely to achieve code execution. Connected advisories corroborate a remote-code-execution impact and note fixes in later thttpd rel...
CVE-2009-4491
thttpd 2.25b0 logs data without sanitizing non‑printable characters, potentially allowing a remote attacker to modify a window title or execute commands/overwrite files via an HTTP request with a terminal-escape sequence. Root cause is unfiltered log output. No specific patch/version fix is detai...
CVE-2007-0158
CVE-2007-0158 affects thttpd 2007. Multiple connected entries describe a buffer-related issue in thttpd (description consistently states a buffer underflow/overflow in 2007). NVD CVSS metrics indicate a network-accessible vulnerability with high impact to confidentiality, integrity, and availabil...
CVE-2013-0348
CVE-2013-0348 affects thttpd/thttpd-derived sthttpd: versions prior to 2.26.4-r2 and 2.25b expose a world-readable /var/log/thttpd.log. The root cause is incorrect file permissions, permitting local users to read sensitive information from the log file. Implication: local information disclosure w...
CVE-2003-0899
CVE-2003-0899 describes a buffer overflow in thttpd (defang in libhttpd.c) affecting versions 2.21 to 2.23b1. The overflow can be triggered by requests containing ‘’ that are expanded to “”, enabling remote code execution. Connected sources (SUSE, Debian, OpenVAS, and NVD listing) confirm the vul...
CVE-2012-5640
CVE-2012-5640 affects thttpd,; local DoS via specially crafted .htpasswd files. The OSV openSUSE entry notes a fix in thttpd-2.26-4.7 for GA media; other connected entries reiterate the local DoS vector. Exploitation status is not detailed in the provided documents. Monitor for updated advisories...
CVE-2001-1496
CVE-2001-1496 affects thttpd (Acme Labs) with an off-by-one buffer overflow in Basic Authentication across versions 1.95–2.20. The underlying issue is a buffer overflow in the Basic Auth handling, enabling remote attackers to cause a denial of service and potentially execute arbitrary code. Explo...
CVE-2001-0892
Vulnerability : Acme Thttpd Secure Webserver prior to 2.22, with the chroot option enabled, is exposed to remote access that can view sensitive files under the document root (e.g., .htpasswd) via a GET request with a trailing slash. Affected product : Acme Thttpd Secure Webserver (before 2.22). R...