HTTP Daemon
by Libwww Perl
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8450 | Cri | 0.52 | 9.1 | 0.00 | May 27, 2026 | HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path… | ||
| CVE-1999-0267 | 0.04 | — | 0.06 | Sep 23, 1997 | Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. | |||
| CVE-2022-31081 | 0.00 | — | 0.01 | Jun 27, 2022 | HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based… | |||
| CVE-2012-4443 | 0.00 | — | 0.00 | Oct 5, 2012 | Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access. |
- risk 0.52cvss 9.1epss 0.00
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path…
- CVE-1999-0267Sep 23, 1997risk 0.04cvss —epss 0.06
Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.
- CVE-2022-31081Jun 27, 2022risk 0.00cvss —epss 0.01
HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based…
- CVE-2012-4443Oct 5, 2012risk 0.00cvss —epss 0.00
Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access.