CVE

CVE-2001-0834
Date: (C)2001-12-06   (M)2023-12-22


htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.4
Exploit Score: 10.0
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL
  
Reference:
http://marc.info/?l=bugtraq&m=100260195401753&w=2
BID-3410
CLA-2001:429
CSSA-2001-035.0
DSA-080
MDKSA-2001:083
RHSA-2001:139
SuSE-SA:2001:035
htdig-htsearch-infinite-loop(7262)
htdig-htsearch-retrieve-files(7263)
http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593

CPE    11
cpe:/o:suse:suse_linux:6.3
cpe:/o:suse:suse_linux:7.2
cpe:/o:suse:suse_linux:6.4
cpe:/o:suse:suse_linux:7.3
...

© SecPod Technologies