An
Products
2- 6 CVEs
- 3 CVEs
Recent CVEs
9| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2002-1930 | 0.05 | — | 0.23 | Dec 31, 2002 | Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username. | ||
| CVE-2005-1086 | 0.04 | — | 0.07 | May 2, 2005 | Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header. | ||
| CVE-2005-1087 | 0.03 | — | 0.04 | Apr 7, 2005 | CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request. | ||
| CVE-2003-1271 | 0.03 | — | 0.01 | Dec 31, 2003 | Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script. | ||
| CVE-1999-0947 | 0.03 | — | 0.06 | Nov 2, 1999 | AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters. | ||
| CVE-2006-1598 | 0.00 | — | 0.01 | Apr 3, 2006 | AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with (1) dot and (2) space characters in the file extension. | ||
| CVE-2003-1269 | 0.00 | — | 0.00 | Dec 31, 2003 | AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message. | ||
| CVE-2003-1270 | 0.00 | — | 0.02 | Dec 31, 2003 | AN HTTP 1.41e allows remote attackers to cause a denial of service (borken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability. | ||
| CVE-2002-2378 | 0.00 | — | 0.00 | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page. |
- CVE-2002-1930Dec 31, 2002risk 0.05cvss —epss 0.23
Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username.
- CVE-2005-1086May 2, 2005risk 0.04cvss —epss 0.07
Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header.
- CVE-2005-1087Apr 7, 2005risk 0.03cvss —epss 0.04
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
- CVE-2003-1271Dec 31, 2003risk 0.03cvss —epss 0.01
Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script.
- CVE-1999-0947Nov 2, 1999risk 0.03cvss —epss 0.06
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters.
- CVE-2006-1598Apr 3, 2006risk 0.00cvss —epss 0.01
AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with (1) dot and (2) space characters in the file extension.
- CVE-2003-1269Dec 31, 2003risk 0.00cvss —epss 0.00
AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message.
- CVE-2003-1270Dec 31, 2003risk 0.00cvss —epss 0.02
AN HTTP 1.41e allows remote attackers to cause a denial of service (borken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability.
- CVE-2002-2378Dec 31, 2002risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page.