Lucene search
K
AcmeThttpd

8 matches found

CVE
CVE
added 2018/02/06 5:0 p.m.581 views

CVE-2017-17663

CVE-2017-17663 affects the htpasswd component of mini_httpd (before v1.28) and thttpd (before v2.28). The vulnerability is a buffer overflow that can be exploited remotely to achieve code execution. Connected advisories corroborate a remote-code-execution impact and note fixes in later thttpd rel...

9.8CVSS9.7AI score0.02453EPSS
CVE
CVE
added 2010/01/13 12:0 a.m.151 views

CVE-2009-4491

thttpd 2.25b0 logs data without sanitizing non‑printable characters, potentially allowing a remote attacker to modify a window title or execute commands/overwrite files via an HTTP request with a terminal-escape sequence. Root cause is unfiltered log output. No specific patch/version fix is detai...

9.8CVSS7.8AI score0.13467EPSS
CVE
CVE
added 2019/12/27 5:3 p.m.137 views

CVE-2007-0158

CVE-2007-0158 affects thttpd 2007. Multiple connected entries describe a buffer-related issue in thttpd (description consistently states a buffer underflow/overflow in 2007). NVD CVSS metrics indicate a network-accessible vulnerability with high impact to confidentiality, integrity, and availabil...

9.8CVSS9.5AI score0.01338EPSS
CVE
CVE
added 2013/12/13 6:0 p.m.117 views

CVE-2013-0348

CVE-2013-0348 affects thttpd/thttpd-derived sthttpd: versions prior to 2.26.4-r2 and 2.25b expose a world-readable /var/log/thttpd.log. The root cause is incorrect file permissions, permitting local users to read sensitive information from the log file. Implication: local information disclosure w...

2.1CVSS6AI score0.00523EPSS
CVE
CVE
added 2003/10/30 5:0 a.m.86 views

CVE-2003-0899

CVE-2003-0899 describes a buffer overflow in thttpd (defang in libhttpd.c) affecting versions 2.21 to 2.23b1. The overflow can be triggered by requests containing ‘’ that are expanded to “”, enabling remote code execution. Connected sources (SUSE, Debian, OpenVAS, and NVD listing) confirm the vul...

9.8CVSS9.9AI score0.21679EPSS
CVE
CVE
added 2019/11/25 2:17 p.m.63 views

CVE-2012-5640

CVE-2012-5640 affects thttpd,; local DoS via specially crafted .htpasswd files. The OSV openSUSE entry notes a fix in thttpd-2.26-4.7 for GA media; other connected entries reiterate the local DoS vector. Exploitation status is not detailed in the provided documents. Monitor for updated advisories...

5.5CVSS5.5AI score0.00386EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.55 views

CVE-2001-1496

CVE-2001-1496 affects thttpd (Acme Labs) with an off-by-one buffer overflow in Basic Authentication across versions 1.95–2.20. The underlying issue is a buffer overflow in the Basic Auth handling, enabling remote attackers to cause a denial of service and potentially execute arbitrary code. Explo...

9.8CVSS8.3AI score0.04837EPSS
CVE
CVE
added 2002/02/02 5:0 a.m.53 views

CVE-2001-0892

Vulnerability : Acme Thttpd Secure Webserver prior to 2.22, with the chroot option enabled, is exposed to remote access that can view sensitive files under the document root (e.g., .htpasswd) via a GET request with a trailing slash. Affected product : Acme Thttpd Secure Webserver (before 2.22). R...

5CVSS6.9AI score0.01859EPSS