Search criteria
7 vulnerabilities found for shttpd by shttpd
VAR-200712-0451
Vulnerability from variot - Updated: 2022-05-17 01:41Easy File Sharing Web Server allows visitors to upload/download files via a browser, with FTP and WEB versions. Easy File Sharing Web Server has an input validation vulnerability when processing user requests. Remote attackers may exploit this vulnerability to obtain sensitive information. Easy File Sharing Web Server does not properly filter certain parameters when uploading files, allowing users to upload files to any parent directory through directory traversal attacks; in addition, there is an error in processing file download requests, allowing users to download admin.sdb and user. Any .sdb database file other than sdb; there is an error in processing the username registration request, allowing the user to leak any file content in the user folder by creating an account with the same username and file name
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200712-0451",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "shttpd",
"scope": "eq",
"trust": 0.3,
"vendor": "shttpd",
"version": "1.38"
},
{
"model": "shttpd",
"scope": "eq",
"trust": 0.3,
"vendor": "shttpd",
"version": "1.35"
},
{
"model": "shttpd",
"scope": "eq",
"trust": 0.3,
"vendor": "shttpd",
"version": "1.34"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-6918"
},
{
"db": "BID",
"id": "26771"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma is credited with the discovery of these vulnerabilities.",
"sources": [
{
"db": "BID",
"id": "26771"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2007-6918",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2007-6918",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-6918"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Easy File Sharing Web Server allows visitors to upload/download files via a browser, with FTP and WEB versions. Easy File Sharing Web Server has an input validation vulnerability when processing user requests. Remote attackers may exploit this vulnerability to obtain sensitive information. Easy File Sharing Web Server does not properly filter certain parameters when uploading files, allowing users to upload files to any parent directory through directory traversal attacks; in addition, there is an error in processing file download requests, allowing users to download admin.sdb and user. Any .sdb database file other than sdb; there is an error in processing the username registration request, allowing the user to leak any file content in the user folder by creating an account with the same username and file name",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-6918"
},
{
"db": "BID",
"id": "26771"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "26771",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2007-6918",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-6918"
},
{
"db": "BID",
"id": "26771"
}
]
},
"id": "VAR-200712-0451",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-6918"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-6918"
}
]
},
"last_update_date": "2022-05-17T01:41:51.516000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://aluigi.altervista.org/adv/efsup-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.sharing-file.com/"
},
{
"trust": 0.3,
"url": "/archive/1/484760"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-6918"
},
{
"db": "BID",
"id": "26771"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-6918"
},
{
"db": "BID",
"id": "26771"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-6918"
},
{
"date": "2007-12-07T00:00:00",
"db": "BID",
"id": "26771"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-6918"
},
{
"date": "2007-12-10T23:22:00",
"db": "BID",
"id": "26771"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "26771"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Easy File Sharing Web Server Directory Traversal and Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-6918"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access Validation Error",
"sources": [
{
"db": "BID",
"id": "26771"
}
],
"trust": 0.3
}
}
FKIE_CVE-2011-2900
Vulnerability from fkie_nvd - Published: 2011-08-05 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shttpd:shttpd:1.42:*:*:*:*:*:*:*",
"matchCriteriaId": "51B480B4-0A58-4873-AAEB-9AE96C48067F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:valenok:mongoose:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5CDD54-5A0F-4146-97C9-13C7ACBE53E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yassl:yasslews:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDB6A1D-A2AD-4BBE-8A96-B6E9C4B7E2B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011."
},
{
"lang": "es",
"value": "Desbordamiento de buffer de pila en (1) la funci\u00f3n put_dir de mongoose.c de Mongoose 3.0, (2) la funci\u00f3n put_dir de yasslEWS.c de yaSSL Embedded Web Server (yasslEWS) 0.2 y (3) la funci\u00f3n _shttpd_put_dir de io_dir.c de Simple HTTPD (shttpd) 1.42. Permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una petici\u00f3n HTTP PUT, como se ha demostrado en ataques en el 2011."
}
],
"id": "CVE-2011-2900",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-08-05T21:55:08.920",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45464"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/45902"
},
{
"source": "secalert@redhat.com",
"url": "http://securityreason.com/securityalert/8337"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/9"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/48980"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/45902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68991"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-6405
Vulnerability from fkie_nvd - Published: 2007-12-17 18:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shttpd:shttpd:1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "9AA28DCE-CF8A-49A2-9C16-9B73078498D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:shttpd:shttpd:1.35:*:*:*:*:*:*:*",
"matchCriteriaId": "9523C952-1F4B-4A9F-885B-E4A41BBB6F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:shttpd:shttpd:1.38:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8BEB1F-DEED-4B75-A778-C60783DCEF0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) \u0027+\u0027 character, (2) \u0027.\u0027 character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407."
},
{
"lang": "es",
"value": "Sergey Lyubka Simple HTTPD (shttpd) 1.38 y versiones anteriores en Windows permite a atacantes remotos descargar programas CGI \u00f3 scripts de su elecci\u00f3n mediante un URI con un caracter a\u00f1adido (1) \u0027+\u0027, (2) \u0027.\u0027, (3) secuencia de %2e (punto codificado en hexadecimal), \u00f3 (4) caracteres codificados en hexadecimal mayores que 0x7f.\r\nNOTA: el vector %20 se describe en CVE-2007-3407."
}
],
"id": "CVE-2007-6405",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-17T18:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/shttpd-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/44119"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3457"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org\u0026forum_name=shttpd-general"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/484761/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26768"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/shttpd-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/44119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org\u0026forum_name=shttpd-general"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/484761/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4700"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-2900 (GCVE-0-2011-2900)
Vulnerability from cvelistv5 – Published: 2011-08-05 21:00 – Updated: 2024-08-06 23:15
VLAI?
Summary
Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:31.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2011-11823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html"
},
{
"name": "48980",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48980"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0"
},
{
"name": "45464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45464"
},
{
"name": "45902",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45902"
},
{
"name": "FEDORA-2011-11825",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html"
},
{
"name": "mongoose-put-bo(68991)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68991"
},
{
"name": "[oss-security] 20110803 CVE id request: shttpd/mongoose/yassl embedded webserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/5"
},
{
"name": "8337",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8337"
},
{
"name": "FEDORA-2011-11636",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html"
},
{
"name": "[oss-security] 20110803 Re: CVE id request: shttpd/mongoose/yassl embedded webserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2011-11823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html"
},
{
"name": "48980",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48980"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0"
},
{
"name": "45464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45464"
},
{
"name": "45902",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45902"
},
{
"name": "FEDORA-2011-11825",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html"
},
{
"name": "mongoose-put-bo(68991)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68991"
},
{
"name": "[oss-security] 20110803 CVE id request: shttpd/mongoose/yassl embedded webserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/5"
},
{
"name": "8337",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8337"
},
{
"name": "FEDORA-2011-11636",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html"
},
{
"name": "[oss-security] 20110803 Re: CVE id request: shttpd/mongoose/yassl embedded webserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2900",
"datePublished": "2011-08-05T21:00:00",
"dateReserved": "2011-07-27T00:00:00",
"dateUpdated": "2024-08-06T23:15:31.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6405 (GCVE-0-2007-6405)
Vulnerability from cvelistv5 – Published: 2007-12-17 18:00 – Updated: 2024-08-07 16:02
VLAI?
Summary
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071207 Two vulnerabilities in Simple HTTPD 1.38",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484761/100/0/threaded"
},
{
"name": "3457",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3457"
},
{
"name": "4700",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4700"
},
{
"name": "44119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44119"
},
{
"name": "26768",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26768"
},
{
"name": "[shttpd-general] 20071203 Security bugs in SHTTPD",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org\u0026forum_name=shttpd-general"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/shttpd-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) \u0027+\u0027 character, (2) \u0027.\u0027 character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20071207 Two vulnerabilities in Simple HTTPD 1.38",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484761/100/0/threaded"
},
{
"name": "3457",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3457"
},
{
"name": "4700",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4700"
},
{
"name": "44119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44119"
},
{
"name": "26768",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26768"
},
{
"name": "[shttpd-general] 20071203 Security bugs in SHTTPD",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org\u0026forum_name=shttpd-general"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/shttpd-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) \u0027+\u0027 character, (2) \u0027.\u0027 character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071207 Two vulnerabilities in Simple HTTPD 1.38",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484761/100/0/threaded"
},
{
"name": "3457",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3457"
},
{
"name": "4700",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4700"
},
{
"name": "44119",
"refsource": "OSVDB",
"url": "http://osvdb.org/44119"
},
{
"name": "26768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26768"
},
{
"name": "[shttpd-general] 20071203 Security bugs in SHTTPD",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org\u0026forum_name=shttpd-general"
},
{
"name": "http://aluigi.altervista.org/adv/shttpd-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/shttpd-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6405",
"datePublished": "2007-12-17T18:00:00",
"dateReserved": "2007-12-17T00:00:00",
"dateUpdated": "2024-08-07T16:02:36.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2900 (GCVE-0-2011-2900)
Vulnerability from nvd – Published: 2011-08-05 21:00 – Updated: 2024-08-06 23:15
VLAI?
Summary
Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:31.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2011-11823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html"
},
{
"name": "48980",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48980"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0"
},
{
"name": "45464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45464"
},
{
"name": "45902",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45902"
},
{
"name": "FEDORA-2011-11825",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html"
},
{
"name": "mongoose-put-bo(68991)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68991"
},
{
"name": "[oss-security] 20110803 CVE id request: shttpd/mongoose/yassl embedded webserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/5"
},
{
"name": "8337",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8337"
},
{
"name": "FEDORA-2011-11636",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html"
},
{
"name": "[oss-security] 20110803 Re: CVE id request: shttpd/mongoose/yassl embedded webserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2011-11823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065505.html"
},
{
"name": "48980",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48980"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/mongoose/source/detail?r=556f4de91eae4bac40dc5d4ddbd9ec7c424711d0"
},
{
"name": "45464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45464"
},
{
"name": "45902",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45902"
},
{
"name": "FEDORA-2011-11825",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html"
},
{
"name": "mongoose-put-bo(68991)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68991"
},
{
"name": "[oss-security] 20110803 CVE id request: shttpd/mongoose/yassl embedded webserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/5"
},
{
"name": "8337",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8337"
},
{
"name": "FEDORA-2011-11636",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065273.html"
},
{
"name": "[oss-security] 20110803 Re: CVE id request: shttpd/mongoose/yassl embedded webserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/08/03/9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2900",
"datePublished": "2011-08-05T21:00:00",
"dateReserved": "2011-07-27T00:00:00",
"dateUpdated": "2024-08-06T23:15:31.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6405 (GCVE-0-2007-6405)
Vulnerability from nvd – Published: 2007-12-17 18:00 – Updated: 2024-08-07 16:02
VLAI?
Summary
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071207 Two vulnerabilities in Simple HTTPD 1.38",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484761/100/0/threaded"
},
{
"name": "3457",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3457"
},
{
"name": "4700",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4700"
},
{
"name": "44119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44119"
},
{
"name": "26768",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26768"
},
{
"name": "[shttpd-general] 20071203 Security bugs in SHTTPD",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org\u0026forum_name=shttpd-general"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/shttpd-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) \u0027+\u0027 character, (2) \u0027.\u0027 character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20071207 Two vulnerabilities in Simple HTTPD 1.38",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484761/100/0/threaded"
},
{
"name": "3457",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3457"
},
{
"name": "4700",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4700"
},
{
"name": "44119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44119"
},
{
"name": "26768",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26768"
},
{
"name": "[shttpd-general] 20071203 Security bugs in SHTTPD",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org\u0026forum_name=shttpd-general"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/shttpd-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) \u0027+\u0027 character, (2) \u0027.\u0027 character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071207 Two vulnerabilities in Simple HTTPD 1.38",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484761/100/0/threaded"
},
{
"name": "3457",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3457"
},
{
"name": "4700",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4700"
},
{
"name": "44119",
"refsource": "OSVDB",
"url": "http://osvdb.org/44119"
},
{
"name": "26768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26768"
},
{
"name": "[shttpd-general] 20071203 Security bugs in SHTTPD",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org\u0026forum_name=shttpd-general"
},
{
"name": "http://aluigi.altervista.org/adv/shttpd-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/shttpd-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6405",
"datePublished": "2007-12-17T18:00:00",
"dateReserved": "2007-12-17T00:00:00",
"dateUpdated": "2024-08-07T16:02:36.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}