CVE-2014-5015
bozohttpd < 20140708 - Unauthenticated HTTP Authentication Bypass via Long Path Truncation
bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
References (7)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/68752
Vendor Advisory (vendor-advisory, x_refsource_netbsd): ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc
Various Sources (x_refsource_confirm): http://www.eterna.com.au/bozohttpd/CHANGES
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/109283
Patch (x_refsource_confirm): http://www.eterna.com.au/bozohttpd/
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/94751
Mailing List (mailing-list, x_refsource_mlist): http://seclists.org/oss-sec/2014/q3/180
Scores
EPSS: 0.0057
EPSS Percentile: 68.9%
Details
CWE: CWE-264
Status: published
Products (40)
eterna/bozohttpd 19990519
eterna/bozohttpd 20000421
eterna/bozohttpd 20000426
eterna/bozohttpd 20000427
eterna/bozohttpd 20000815
eterna/bozohttpd 20000825
eterna/bozohttpd 20010610
eterna/bozohttpd 20010812
eterna/bozohttpd 20010922
eterna/bozohttpd 20020710
... and 30 more
Published: Jul 24, 2014
Tracked Since: Feb 18, 2026