Description
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- ACME / thttpd 2.21 – 2.23
- ACME / thttpd 2.23 – 2.23
References
- MISC: http://www.securityfocus.com/bid/8906
- VENDOR_ADVISORY: https://www.debian.org/security/2003/dsa-396
- VENDOR_ADVISORY: http://secunia.com/advisories/10092
- MISC: http://www.osvdb.org/2729
- VENDOR_ADVISORY: http://www.texonet.com/advisories/TEXONET-20030908.txt
- MAILING_LIST: http://marc.info/?l=bugtraq&m=106729188224252&w=2
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/13530