Monkey HTTP Daemon
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3843 | 0.06 | — | 0.40 | Jun 13, 2014 | Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header. | |||
| CVE-2013-2182 | 0.04 | — | 0.11 | Jun 13, 2014 | The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash. | |||
| CVE-2002-1663 | 0.04 | — | 0.09 | Dec 31, 2002 | The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value. | |||
| CVE-2002-2154 | 0.03 | — | 0.04 | Dec 31, 2002 | Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences. | |||
| CVE-2003-0218 | 0.01 | — | 0.07 | May 12, 2003 | Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body. | |||
| CVE-2013-2163 | 0.00 | — | 0.01 | Jun 13, 2014 | Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header. | |||
| CVE-2013-2181 | 0.00 | — | 0.00 | Jul 29, 2013 | Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name. | |||
| CVE-2012-5303 | 0.00 | — | 0.00 | Oct 5, 2012 | Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname. | |||
| CVE-2012-4442 | 0.00 | — | 0.00 | Oct 5, 2012 | Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check. | |||
| CVE-2003-1209 | 0.00 | — | 0.01 | Dec 31, 2003 | The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header. |
- CVE-2013-3843Jun 13, 2014risk 0.06cvss —epss 0.40
Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.
- CVE-2013-2182Jun 13, 2014risk 0.04cvss —epss 0.11
The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.
- CVE-2002-1663Dec 31, 2002risk 0.04cvss —epss 0.09
The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value.
- CVE-2002-2154Dec 31, 2002risk 0.03cvss —epss 0.04
Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
- CVE-2003-0218May 12, 2003risk 0.01cvss —epss 0.07
Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body.
- CVE-2013-2163Jun 13, 2014risk 0.00cvss —epss 0.01
Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header.
- CVE-2013-2181Jul 29, 2013risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name.
- CVE-2012-5303Oct 5, 2012risk 0.00cvss —epss 0.00
Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.
- CVE-2012-4442Oct 5, 2012risk 0.00cvss —epss 0.00
Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.
- CVE-2003-1209Dec 31, 2003risk 0.00cvss —epss 0.01
The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header.