Описание
bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [20111118-1+deb7u1build0.14.04.1]] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | released | 20111118-1+deb7u1build0.14.04.1 |
| trusty/esm | DNE | trusty was released [20111118-1+deb7u1build0.14.04.1] |
| upstream | released | 20140708 |
| utopic | ignored | end of life |
| vivid | DNE |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD ...
bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
EPSS
5 Medium
CVSS2