Wserve HTTP Server
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-28994 | Cri | 0.64 | 9.8 | 0.02 | Apr 29, 2022 | Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. | ||
| CVE-2002-1008 | 0.04 | — | 0.07 | Oct 4, 2002 | Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT… | |||
| CVE-2007-2367 | 0.03 | — | 0.04 | Apr 30, 2007 | Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI. | |||
| CVE-2002-1497 | 0.03 | — | 0.02 | Apr 2, 2003 | Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response. | |||
| CVE-2000-0897 | 0.03 | — | 0.03 | Jan 9, 2001 | Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed. | |||
| CVE-2025-41359 | 0.00 | — | 0.00 | Mar 26, 2026 | Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name… | |||
| CVE-2008-0409 | 0.00 | — | 0.01 | Jan 29, 2008 | Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL. | |||
| CVE-2008-0405 | 0.00 | — | 0.03 | Jan 29, 2008 | Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3)… | |||
| CVE-2008-0407 | 0.00 | — | 0.02 | Jan 29, 2008 | HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request. | |||
| CVE-2002-2076 | 0.00 | — | 0.02 | Dec 31, 2002 | Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. | |||
| CVE-2000-0898 | 0.00 | — | 0.01 | Jan 9, 2001 | Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file. |
- risk 0.64cvss 9.8epss 0.02
Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request.
- CVE-2002-1008Oct 4, 2002risk 0.04cvss —epss 0.07
Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT…
- CVE-2007-2367Apr 30, 2007risk 0.03cvss —epss 0.04
Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI.
- CVE-2002-1497Apr 2, 2003risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response.
- CVE-2000-0897Jan 9, 2001risk 0.03cvss —epss 0.03
Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.
- CVE-2025-41359Mar 26, 2026risk 0.00cvss —epss 0.00
Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name…
- CVE-2008-0409Jan 29, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.
- CVE-2008-0405Jan 29, 2008risk 0.00cvss —epss 0.03
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3)…
- CVE-2008-0407Jan 29, 2008risk 0.00cvss —epss 0.02
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
- CVE-2002-2076Dec 31, 2002risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
- CVE-2000-0898Jan 9, 2001risk 0.00cvss —epss 0.01
Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file.