VYPR

thttpd

by Thttpd

CVEs (4)

  • CVE-2009-4491CriJan 13, 2010
    risk 0.68cvss 9.8epss 0.13

    thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal…

  • CVE-2017-17663CriFeb 6, 2018
    risk 0.64cvss 9.8epss 0.02

    The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.

  • CVE-2000-0900Dec 19, 2000
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.

  • CVE-2000-0359Oct 20, 2000
    risk 0.00cvss epss 0.05

    Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.