CVE-2015-1548
mini_httpd < 1.21 - Information Disclosure via Long HTTP Protocol String
Title source: llmDescription
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73450
Exploit x_refsource_misc
http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd/
Scores
EPSS
0.0134
EPSS Percentile
67.8%
Details
CWE
CWE-119
Status
published
Products (1)
acme/mini_httpd
< 1.21
Published
Feb 10, 2015
Tracked Since
Feb 18, 2026