CVE-2010-2320

Sažetak

bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298
http://secunia.com/advisories/40737
http://security-tracker.debian.org/tracker/CVE-2010-2320
http://www.eterna.com.au/bozohttpd/CHANGES
https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473
https://exchange.xforce.ibmcloud.com/vulnerabilities/60812

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:32

Objavljeno

02-08-2010 - 20:40