VYPR
Vendor

Thttpd

Products
2
CVEs
8
Across products
8
Status
Private

Products

2

Recent CVEs

8
  • CVE-2009-4491CriJan 13, 2010
    risk 0.68cvss 9.8epss 0.13

    thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal…

  • CVE-2007-0158CriDec 27, 2019
    risk 0.64cvss 9.8epss 0.01

    thttpd 2007 has buffer underflow.

  • CVE-2017-17663CriFeb 6, 2018
    risk 0.64cvss 9.8epss 0.02

    The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.

  • CVE-2012-5640MedNov 25, 2019
    risk 0.36cvss 5.5epss 0.00

    thttpd has a local DoS vulnerability via specially-crafted .htpasswd files

  • CVE-2000-0900Dec 19, 2000
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.

  • CVE-2000-0359Oct 20, 2000
    risk 0.00cvss epss 0.05

    Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.

  • CVE-1999-1456Dec 31, 1999
    risk 0.00cvss epss 0.02

    thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.

  • CVE-1999-1457Nov 16, 1999
    risk 0.00cvss epss 0.02

    Buffer overflow in thttpd HTTP server before 2.04-31 allows remote attackers to execute arbitrary commands via a long date string, which is not properly handled by the tdate_parse function.