Thttpd
Products
2- 6 CVEs
- 2 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-4491 | Cri | 0.68 | 9.8 | 0.13 | Jan 13, 2010 | thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal… | ||
| CVE-2007-0158 | Cri | 0.64 | 9.8 | 0.01 | Dec 27, 2019 | thttpd 2007 has buffer underflow. | ||
| CVE-2017-17663 | Cri | 0.64 | 9.8 | 0.02 | Feb 6, 2018 | The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. | ||
| CVE-2012-5640 | Med | 0.36 | 5.5 | 0.00 | Nov 25, 2019 | thttpd has a local DoS vulnerability via specially-crafted .htpasswd files | ||
| CVE-2000-0900 | 0.00 | — | 0.02 | Dec 19, 2000 | Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack. | |||
| CVE-2000-0359 | 0.00 | — | 0.05 | Oct 20, 2000 | Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header. | |||
| CVE-1999-1456 | 0.00 | — | 0.02 | Dec 31, 1999 | thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename. | |||
| CVE-1999-1457 | 0.00 | — | 0.02 | Nov 16, 1999 | Buffer overflow in thttpd HTTP server before 2.04-31 allows remote attackers to execute arbitrary commands via a long date string, which is not properly handled by the tdate_parse function. |
- risk 0.68cvss 9.8epss 0.13
thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal…
- risk 0.64cvss 9.8epss 0.01
thttpd 2007 has buffer underflow.
- risk 0.64cvss 9.8epss 0.02
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.
- risk 0.36cvss 5.5epss 0.00
thttpd has a local DoS vulnerability via specially-crafted .htpasswd files
- CVE-2000-0900Dec 19, 2000risk 0.00cvss —epss 0.02
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
- CVE-2000-0359Oct 20, 2000risk 0.00cvss —epss 0.05
Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.
- CVE-1999-1456Dec 31, 1999risk 0.00cvss —epss 0.02
thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.
- CVE-1999-1457Nov 16, 1999risk 0.00cvss —epss 0.02
Buffer overflow in thttpd HTTP server before 2.04-31 allows remote attackers to execute arbitrary commands via a long date string, which is not properly handled by the tdate_parse function.