Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities by acme
CVE-2024-0263 (GCVE-0-2024-0263)
Vulnerability from cvelistv5 – Published: 2024-01-07 03:31 – Updated: 2024-09-04 19:38
VLAI
Title
ACME Ultra Mini HTTPd HTTP GET Request denial of service
Summary
A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249819.
Severity
5.3 (Medium)
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-404 - Denial of Service
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.249819 | vdb-entry |
| https://vuldb.com/?ctiid.249819 | signaturepermissions-required |
| https://packetstormsecurity.com/files/176333/Ultr… | related |
| https://0day.today/exploit/description/39212 | exploit |
| https://www.youtube.com/watch?v=HWOGeg3e5As | media-coverage |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ACME | Ultra Mini HTTPd |
Affected:
1.21
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.249819"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249819"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://0day.today/exploit/description/39212"
},
{
"tags": [
"media-coverage",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=HWOGeg3e5As"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0263",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T20:07:40.896657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T19:38:47.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP GET Request Handler"
],
"product": "Ultra Mini HTTPd",
"vendor": "ACME",
"versions": [
{
"status": "affected",
"version": "1.21"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "fernando.mengali (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249819."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in ACME Ultra Mini HTTPd 1.21 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Komponente HTTP GET Request Handler. Durch das Beeinflussen mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-07T03:31:03.968Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.249819"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249819"
},
{
"tags": [
"related"
],
"url": "https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html"
},
{
"tags": [
"exploit"
],
"url": "https://0day.today/exploit/description/39212"
},
{
"tags": [
"media-coverage"
],
"url": "https://www.youtube.com/watch?v=HWOGeg3e5As"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-06T09:50:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "ACME Ultra Mini HTTPd HTTP GET Request denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0263",
"datePublished": "2024-01-07T03:31:03.968Z",
"dateReserved": "2024-01-06T08:44:30.565Z",
"dateUpdated": "2024-09-04T19:38:47.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0158 (GCVE-0-2007-0158)
Vulnerability from cvelistv5 – Published: 2019-12-27 17:03 – Updated: 2024-08-07 12:12
VLAI
Summary
thttpd 2007 has buffer underflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://taviso.decsystem.org/research.t2t | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:12:16.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://taviso.decsystem.org/research.t2t"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "thttpd 2007 has buffer underflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-27T17:03:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://taviso.decsystem.org/research.t2t"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "thttpd 2007 has buffer underflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://taviso.decsystem.org/research.t2t",
"refsource": "MISC",
"url": "http://taviso.decsystem.org/research.t2t"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0158",
"datePublished": "2019-12-27T17:03:20.000Z",
"dateReserved": "2007-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:12:16.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5640 (GCVE-0-2012-5640)
Vulnerability from cvelistv5 – Published: 2019-11-25 14:17 – Updated: 2024-08-06 21:14
VLAI
Summary
thttpd has a local DoS vulnerability via specially-crafted .htpasswd files
Severity
No CVSS data available.
CWE
- Local DoS vulnerability
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/12/15/1 | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2012-5640 | vendor-advisoryx_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-5640"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5640"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/15/1"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-5640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "thttpd",
"vendor": "thttpd",
"versions": [
{
"status": "affected",
"version": "2012-12-15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "thttpd has a local DoS vulnerability via specially-crafted .htpasswd files"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local DoS vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T14:17:50.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-5640"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5640"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/15/1"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/cve-2012-5640"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5640",
"datePublished": "2019-11-25T14:17:50.000Z",
"dateReserved": "2012-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:14:16.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18778 (GCVE-0-2018-18778)
Vulnerability from cvelistv5 – Published: 2018-10-29 02:00 – Updated: 2024-09-17 01:10
VLAI
Summary
ACME mini_httpd before 1.30 lets remote users read arbitrary files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.acme.com/software/mini_httpd/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:16:00.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acme.com/software/mini_httpd/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ACME mini_httpd before 1.30 lets remote users read arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-29T02:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acme.com/software/mini_httpd/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACME mini_httpd before 1.30 lets remote users read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.acme.com/software/mini_httpd/",
"refsource": "MISC",
"url": "http://www.acme.com/software/mini_httpd/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18778",
"datePublished": "2018-10-29T02:00:00.000Z",
"dateReserved": "2018-10-28T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:10:35.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17663 (GCVE-0-2017-17663)
Vulnerability from cvelistv5 – Published: 2018-02-06 17:00 – Updated: 2024-08-05 20:59
VLAI
Summary
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://acme.com/updates/archive/199.html | x_refsource_CONFIRM |
Date Public
2018-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://acme.com/updates/archive/199.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-06T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://acme.com/updates/archive/199.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://acme.com/updates/archive/199.html",
"refsource": "CONFIRM",
"url": "http://acme.com/updates/archive/199.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17663",
"datePublished": "2018-02-06T17:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:59:17.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1548 (GCVE-0-2015-1548)
Vulnerability from cvelistv5 – Published: 2015-02-10 19:00 – Updated: 2024-08-06 04:47
VLAI
Summary
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/73450 | vdb-entryx_refsource_BID |
| http://itinsight.hu/en/posts/articles/2015-01-23-… | x_refsource_MISC |
Date Public
2015-01-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:47:17.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "73450",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73450"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-21T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "73450",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73450"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73450"
},
{
"name": "http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd/",
"refsource": "MISC",
"url": "http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1548",
"datePublished": "2015-02-10T19:00:00.000Z",
"dateReserved": "2015-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:47:17.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4927 (GCVE-0-2014-4927)
Vulnerability from cvelistv5 – Published: 2014-07-24 14:00 – Updated: 2024-08-06 11:34
VLAI
Summary
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/34102 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/68746 | vdb-entryx_refsource_BID |
| http://osvdb.org/show/osvdb/109356 | vdb-entryx_refsource_OSVDB |
| http://packetstormsecurity.com/files/127544/ACME-… | x_refsource_MISC |
Date Public
2014-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:36.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34102",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34102"
},
{
"name": "68746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68746"
},
{
"name": "109356",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/109356"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127544/ACME-micro_httpd-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-24T13:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34102",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/34102"
},
{
"name": "68746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68746"
},
{
"name": "109356",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/109356"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127544/ACME-micro_httpd-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34102",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34102"
},
{
"name": "68746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68746"
},
{
"name": "109356",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/109356"
},
{
"name": "http://packetstormsecurity.com/files/127544/ACME-micro_httpd-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127544/ACME-micro_httpd-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4927",
"datePublished": "2014-07-24T14:00:00.000Z",
"dateReserved": "2014-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:36.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0348 (GCVE-0-2013-0348)
Vulnerability from cvelistv5 – Published: 2013-12-13 18:00 – Updated: 2024-08-06 14:25
VLAI
Summary
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://opensource.dyc.edu/gitweb/?p=sthttpd.git%3… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2013/02/23/7 | mailing-listx_refsource_MLIST |
| https://bugs.gentoo.org/show_bug.cgi?id=458896 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2014-0… | vendor-advisoryx_refsource_SUSE |
| https://bugzilla.redhat.com/show_bug.cgi?id=924857 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2013-1… | vendor-advisoryx_refsource_SUSE |
Date Public
2013-02-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:09.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://opensource.dyc.edu/gitweb/?p=sthttpd.git%3Ba=commitdiff%3Bh=d2e186dbd58d274a0dea9b59357edc8498b5388d"
},
{
"name": "[oss-security] 20130222 Re: CVE request: sthttpd world-redable logdir",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/23/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=458896"
},
{
"name": "openSUSE-SU-2014:0021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00015.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=924857"
},
{
"name": "openSUSE-SU-2013:1862",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00050.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-07T13:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://opensource.dyc.edu/gitweb/?p=sthttpd.git%3Ba=commitdiff%3Bh=d2e186dbd58d274a0dea9b59357edc8498b5388d"
},
{
"name": "[oss-security] 20130222 Re: CVE request: sthttpd world-redable logdir",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/23/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=458896"
},
{
"name": "openSUSE-SU-2014:0021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00015.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=924857"
},
{
"name": "openSUSE-SU-2013:1862",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00050.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0348",
"datePublished": "2013-12-13T18:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:25:09.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1544 (GCVE-0-2010-1544)
Vulnerability from cvelistv5 – Published: 2010-04-26 19:00 – Updated: 2024-09-17 03:58
VLAI
Summary
micro_httpd on the RCA DCM425 cable modem allows remote attackers to cause a denial of service (device reboot) via a long string to TCP port 80.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/38778 | third-party-advisoryx_refsource_SECUNIA |
| http://packetstormsecurity.org/1002-exploits/rcad… | x_refsource_MISC |
| http://www.securityfocus.com/bid/38488 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:43.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38778"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1002-exploits/rcadcm425-dos.txt"
},
{
"name": "38488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "micro_httpd on the RCA DCM425 cable modem allows remote attackers to cause a denial of service (device reboot) via a long string to TCP port 80."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-26T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38778",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38778"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1002-exploits/rcadcm425-dos.txt"
},
{
"name": "38488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "micro_httpd on the RCA DCM425 cable modem allows remote attackers to cause a denial of service (device reboot) via a long string to TCP port 80."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38778"
},
{
"name": "http://packetstormsecurity.org/1002-exploits/rcadcm425-dos.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/rcadcm425-dos.txt"
},
{
"name": "38488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1544",
"datePublished": "2010-04-26T19:00:00.000Z",
"dateReserved": "2010-04-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:58:46.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4490 (GCVE-0-2009-4490)
Vulnerability from cvelistv5 – Published: 2010-01-13 20:00 – Updated: 2024-08-07 07:01
VLAI
Summary
mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ush.it/team/ush/hack_httpd_escape/adv.txt | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/508830/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2010-01-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
},
{
"name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window\u0027s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
},
{
"name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window\u0027s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt",
"refsource": "MISC",
"url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
},
{
"name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4490",
"datePublished": "2010-01-13T20:00:00.000Z",
"dateReserved": "2009-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:01:20.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4491 (GCVE-0-2009-4491)
Vulnerability from cvelistv5 – Published: 2010-01-13 00:00 – Updated: 2024-08-07 07:01
VLAI
Summary
thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
4 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| thttpd | thttpd_http_server |
Affected:
2.25b0
cpe:2.3:a:thttpd:thttpd_http_server:*:*:*:*:*:*:*:* |
Date Public
2010-01-10 00:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:thttpd:thttpd_http_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thttpd_http_server",
"vendor": "thttpd",
"versions": [
{
"status": "affected",
"version": "2.25b0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2009-4491",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:53:28.896892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T15:57:25.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
},
{
"name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window\u0027s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-28T17:06:31.622Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
},
{
"name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
},
{
"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Nov/13"
},
{
"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4491",
"datePublished": "2010-01-13T00:00:00.000Z",
"dateReserved": "2009-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:01:20.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1496 (GCVE-0-2001-1496)
Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 04:58
VLAI
Summary
Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/241310 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/241953 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/3562 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2001-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20011120 Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/241310"
},
{
"name": "20011123 Re: Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/241953"
},
{
"name": "3562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3562"
},
{
"name": "thttpd-basic-authentication-bo(7595)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20011120 Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/241310"
},
{
"name": "20011123 Re: Off-by-one vulnerability in thttpd!!!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/241953"
},
{
"name": "3562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3562"
},
{
"name": "thttpd-basic-authentication-bo(7595)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011120 Off-by-one vulnerability in thttpd!!!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/241310"
},
{
"name": "20011123 Re: Off-by-one vulnerability in thttpd!!!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/241953"
},
{
"name": "3562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3562"
},
{
"name": "thttpd-basic-authentication-bo(7595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1496",
"datePublished": "2005-06-21T04:00:00.000Z",
"dateReserved": "2005-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:58:11.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0899 (GCVE-0-2003-0899)
Vulnerability from cvelistv5 – Published: 2003-10-30 05:00 – Updated: 2024-08-08 02:05
VLAI
Summary
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/8906 | vdb-entryx_refsource_BID |
| https://www.debian.org/security/2003/dsa-396 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/10092 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/2729 | vdb-entryx_refsource_OSVDB |
| http://www.texonet.com/advisories/TEXONET-20030908.txt | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=106729188224252&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2003-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8906"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "10092",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10092"
},
{
"name": "2729",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2729"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.texonet.com/advisories/TEXONET-20030908.txt"
},
{
"name": "20031027 Remote overflow in thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106729188224252\u0026w=2"
},
{
"name": "thttpd-defang-bo(13530)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain \u0027\u003c\u0027 or \u0027\u003e\u0027 characters, which trigger the overflow when the characters are expanded to \"\u0026lt;\" and \"\u0026gt;\" sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8906"
},
{
"name": "DSA-396",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "10092",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10092"
},
{
"name": "2729",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2729"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.texonet.com/advisories/TEXONET-20030908.txt"
},
{
"name": "20031027 Remote overflow in thttpd",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106729188224252\u0026w=2"
},
{
"name": "thttpd-defang-bo(13530)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain \u0027\u003c\u0027 or \u0027\u003e\u0027 characters, which trigger the overflow when the characters are expanded to \"\u0026lt;\" and \"\u0026gt;\" sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8906"
},
{
"name": "DSA-396",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2003/dsa-396"
},
{
"name": "10092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10092"
},
{
"name": "2729",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2729"
},
{
"name": "http://www.texonet.com/advisories/TEXONET-20030908.txt",
"refsource": "MISC",
"url": "http://www.texonet.com/advisories/TEXONET-20030908.txt"
},
{
"name": "20031027 Remote overflow in thttpd",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106729188224252\u0026w=2"
},
{
"name": "thttpd-defang-bo(13530)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0899",
"datePublished": "2003-10-30T05:00:00.000Z",
"dateReserved": "2003-10-28T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:05:12.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0893 (GCVE-0-2001-0893)
Vulnerability from cvelistv5 – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:37
VLAI
Summary
Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/7541.php | vdb-entryx_refsource_XF |
| http://marc.info/?l=bugtraq&m=100568999726036&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.acme.com/software/mini_httpd/ | x_refsource_CONFIRM |
Date Public
2001-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:06.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "httpd-bypass-permissions(7541)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7541.php"
},
{
"name": "20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100568999726036\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.acme.com/software/mini_httpd/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "httpd-bypass-permissions(7541)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7541.php"
},
{
"name": "20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100568999726036\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.acme.com/software/mini_httpd/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "httpd-bypass-permissions(7541)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7541.php"
},
{
"name": "20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100568999726036\u0026w=2"
},
{
"name": "http://www.acme.com/software/mini_httpd/",
"refsource": "CONFIRM",
"url": "http://www.acme.com/software/mini_httpd/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0893",
"datePublished": "2002-02-02T05:00:00.000Z",
"dateReserved": "2002-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:37:06.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0892 (GCVE-0-2001-0892)
Vulnerability from cvelistv5 – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:37
VLAI
Summary
Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=100568999726036&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.acme.com/software/thttpd/ | x_refsource_CONFIRM |
Date Public
2001-11-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:06.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100568999726036\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.acme.com/software/thttpd/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100568999726036\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.acme.com/software/thttpd/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100568999726036\u0026w=2"
},
{
"name": "http://www.acme.com/software/thttpd/",
"refsource": "CONFIRM",
"url": "http://www.acme.com/software/thttpd/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0892",
"datePublished": "2002-02-02T05:00:00.000Z",
"dateReserved": "2002-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:37:06.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}