VYPR
Vendor

Wserve HTTP Server

Products
1
CVEs
11
Across products
11
Status
Private

Products

1

Recent CVEs

11
  • CVE-2022-28994CriApr 29, 2022
    risk 0.64cvss 9.8epss 0.02

    Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request.

  • CVE-2002-1008Oct 4, 2002
    risk 0.04cvss epss 0.07

    Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT…

  • CVE-2007-2367Apr 30, 2007
    risk 0.03cvss epss 0.04

    Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI.

  • CVE-2002-1497Apr 2, 2003
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response.

  • CVE-2000-0897Jan 9, 2001
    risk 0.03cvss epss 0.03

    Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.

  • CVE-2025-41359Mar 26, 2026
    risk 0.00cvss epss 0.00

    Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name…

  • CVE-2008-0409Jan 29, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.

  • CVE-2008-0405Jan 29, 2008
    risk 0.00cvss epss 0.03

    Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3)…

  • CVE-2008-0407Jan 29, 2008
    risk 0.00cvss epss 0.02

    HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.

  • CVE-2002-2076Dec 31, 2002
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.

  • CVE-2000-0898Jan 9, 2001
    risk 0.00cvss epss 0.01

    Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file.