Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 396-1 (thttpd)

Information

Severity

Severity

High

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

14 years ago

Modified

Modified

5 years ago

Summary

The remote host is missing an update to thttpd announced via advisory DSA 396-1.

Insight

Insight

Several vulnerabilities have been discovered in thttpd, a tiny HTTP server. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2002-1562: Information leak Marcus Breiing discovered that if thttpd it is used for virtual hosting, and an attacker supplies a specially crafted ``Host:'' header with a pathname instead of a hostname, thttpd will reveal information about the host system. Hence, an attacker can browse the entire disk. CVE-2003-0899: Arbitrary code execution Joel Soderberg and Christer Oberg discovered a remote overflow which allows an attacker to partially overwrite the EBP register and hencely execute arbitrary code. For the stable distribution (woody) these problems have been fixed in version 2.21b-11.2. For the unstable distribution (sid) this problem has been fixed in version 2.23beta1-2.3. We recommend that you upgrade your thttpd package immediately.

Solution

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20396-1

Common Vulnerabilities and Exposures (CVE)