CVE-2003-0899

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
References
Link Resource
http://marc.info/?l=bugtraq&m=106729188224252&w=2 - Exploit, Mailing List
http://secunia.com/advisories/10092 - Broken Link, Patch, Vendor Advisory
http://www.osvdb.org/2729 - Broken Link
http://www.securityfocus.com/bid/8906 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry
http://www.texonet.com/advisories/TEXONET-20030908.txt - Broken Link, URL Repurposed
https://exchange.xforce.ibmcloud.com/vulnerabilities/13530 - Third Party Advisory, VDB Entry
https://www.debian.org/security/2003/dsa-396 - Broken Link
Configurations

Configuration 1

OR cpe:2.3:a:acme:thttpd:*:*:*:*:*:*:*:*
cpe:2.3:a:acme:thttpd:2.23:-:*:*:*:*:*:*
cpe:2.3:a:acme:thttpd:2.23:b1:*:*:*:*:*:*

History

20 Nov 2024, 23:45

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=106729188224252&w=2 - Exploit, Mailing List () http://marc.info/?l=bugtraq&m=106729188224252&w=2 - Exploit, Mailing List
References () http://secunia.com/advisories/10092 - Broken Link, Patch, Vendor Advisory () http://secunia.com/advisories/10092 - Broken Link, Patch, Vendor Advisory
References () http://www.osvdb.org/2729 - Broken Link () http://www.osvdb.org/2729 - Broken Link
References () http://www.securityfocus.com/bid/8906 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/8906 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry
References () http://www.texonet.com/advisories/TEXONET-20030908.txt - Broken Link, URL Repurposed () http://www.texonet.com/advisories/TEXONET-20030908.txt - Broken Link, URL Repurposed
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/13530 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/13530 - Third Party Advisory, VDB Entry
References () https://www.debian.org/security/2003/dsa-396 - Broken Link () https://www.debian.org/security/2003/dsa-396 - Broken Link

14 Feb 2024, 01:17

Type Values Removed Values Added
References (MISC) http://www.texonet.com/advisories/TEXONET-20030908.txt - Broken Link (MISC) http://www.texonet.com/advisories/TEXONET-20030908.txt - Broken Link, URL Repurposed

02 Feb 2024, 14:01

Type Values Removed Values Added
References (SECUNIA) http://secunia.com/advisories/10092 - Patch, Vendor Advisory (SECUNIA) http://secunia.com/advisories/10092 - Broken Link, Patch, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/8906 - Exploit, Patch (BID) http://www.securityfocus.com/bid/8906 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=106729188224252&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=106729188224252&w=2 - Exploit, Mailing List
References (DEBIAN) https://www.debian.org/security/2003/dsa-396 - (DEBIAN) https://www.debian.org/security/2003/dsa-396 - Broken Link
References (OSVDB) http://www.osvdb.org/2729 - (OSVDB) http://www.osvdb.org/2729 - Broken Link
References (MISC) http://www.texonet.com/advisories/TEXONET-20030908.txt - (MISC) http://www.texonet.com/advisories/TEXONET-20030908.txt - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/13530 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/13530 - Third Party Advisory, VDB Entry
First Time: added Acme; Acme thttpd
CWE: removed CWE-119; added CWE-131
CVSS: removed v2 : 7.5, v3 : unknown; added v2 : 7.5, v3 : 9.8
CPE: removed
cpe:2.3:a:acme_labs:thttpd:2.21b:*:*:*:*:*:*:*
cpe:2.3:a:acme_labs:thttpd:2.21:*:*:*:*:*:*:*
cpe:2.3:a:acme_labs:thttpd:2.23b1:*:*:*:*:*:*:*
cpe:2.3:a:acme_labs:thttpd:2.22:*:*:*:*:*:*:*
CPE: added
cpe:2.3:a:acme:thttpd:*:*:*:*:*:*:*:*
cpe:2.3:a:acme:thttpd:2.23:b1:*:*:*:*:*:*
cpe:2.3:a:acme:thttpd:2.23:-:*:*:*:*:*:*

Information

Published : 2003-11-03 05:00

Updated : 2024-11-20 23:45


NVD link : CVE-2003-0899

Mitre link : CVE-2003-0899

CVE.ORG link : CVE-2003-0899


Products Affected

acme

  • thttpd
CWE
CWE-131

Incorrect Calculation of Buffer Size