CVE-2014-5015

Sažetak

bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.

Reference

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc
http://seclists.org/oss-sec/2014/q3/180
http://www.eterna.com.au/bozohttpd/
http://www.eterna.com.au/bozohttpd/CHANGES
http://www.osvdb.org/109283
http://www.securityfocus.com/bid/68752
https://exchange.xforce.ibmcloud.com/vulnerabilities/94751

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:35

Objavljeno

24-07-2014 - 14:55