thttpd
by Thttpd
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-4491 | Cri | 0.68 | 9.8 | 0.13 | Jan 13, 2010 | thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal… | ||
| CVE-2017-17663 | Cri | 0.64 | 9.8 | 0.02 | Feb 6, 2018 | The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. | ||
| CVE-2000-0900 | 0.00 | — | 0.02 | Dec 19, 2000 | Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack. | |||
| CVE-2000-0359 | 0.00 | — | 0.05 | Oct 20, 2000 | Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header. |
- risk 0.68cvss 9.8epss 0.13
thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal…
- risk 0.64cvss 9.8epss 0.02
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.
- CVE-2000-0900Dec 19, 2000risk 0.00cvss —epss 0.02
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
- CVE-2000-0359Oct 20, 2000risk 0.00cvss —epss 0.05
Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.