CVE-2014-5015
N/A
N/A
Summary
bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/68752
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc
- http://www.eterna.com.au/bozohttpd/CHANGES
- http://www.osvdb.org/109283
- http://www.eterna.com.au/bozohttpd/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94751
- http://seclists.org/oss-sec/2014/q3/180
References
- http://www.securityfocus.com/bid/68752
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc
- http://www.eterna.com.au/bozohttpd/CHANGES
- http://www.osvdb.org/109283
- http://www.eterna.com.au/bozohttpd/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94751
- http://seclists.org/oss-sec/2014/q3/180
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.