The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.
Max CVSS: 9.8 | EPSS Score: 0.45% | Published: 2018-02-06 | Updated: 2018-03-13
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.
Max CVSS: 5.0 | EPSS Score: 0.65% | Published: 2015-02-10 | Updated: 2016-12-22
mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
Max CVSS: 5.0 | EPSS Score: 0.30% | Published: 2010-01-13 | Updated: 2018-10-10
Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.
Max CVSS: 5.0 | EPSS Score: 0.42% | Published: 2001-11-13 | Updated: 2021-09-13
4 vulnerabilities found