- Home
- CVEs with nessus.description==According to its banner, the version of Acme thttpd server running
on the remote host is prior to 2.26. It is, therefore, affected by
multiple vulnerabilities :
- Multiple buffer overflow conditions exist in the
htpasswd utility. A local attacker can exploit these,
by calling htpasswd and supplying arbitrary commands
along with a username to be added to the password file,
to bypass required authentication and execute arbitrary
programs with elevated privileges. (CVE-2006-1078)
- A flaw exists in htpasswd that allows a local attacker
to gain privileges via shell metacharacters in a command
line argument, which can then be used to execute other
commands. (CVE-2006-1079)
- An unspecified flaw exists that allows a local attacker
to create or touch arbitrary files via a symlink attack
on the start_thttpd temporary file. (CVE-2006-4248)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top