Mini Httpd
by Acme
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18778 | 0.07 | — | 0.74 | Oct 29, 2018 | ACME mini_httpd before 1.30 lets remote users read arbitrary files. | |||
| CVE-2009-4490 | 0.04 | — | 0.10 | Jan 13, 2010 | mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal… | |||
| CVE-2024-0263 | 0.00 | — | 0.01 | Jan 7, 2024 | A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has… | |||
| CVE-2015-1548 | 0.00 | — | 0.01 | Feb 10, 2015 | mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. | |||
| CVE-2001-0893 | 0.00 | — | 0.03 | Nov 13, 2001 | Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. |
- CVE-2018-18778Oct 29, 2018risk 0.07cvss —epss 0.74
ACME mini_httpd before 1.30 lets remote users read arbitrary files.
- CVE-2009-4490Jan 13, 2010risk 0.04cvss —epss 0.10
mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal…
- CVE-2024-0263Jan 7, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has…
- CVE-2015-1548Feb 10, 2015risk 0.00cvss —epss 0.01
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.
- CVE-2001-0893Nov 13, 2001risk 0.00cvss —epss 0.03
Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.