CVE-2015-8212
CRITICALNetBSD bozohttpd CGI Handling - Remote Code Execution
Title source: manualDescription
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_netbsd
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035673
Scores
CVSS v3
9.8
EPSS
0.0215
EPSS Percentile
84.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (14)
netbsd/netbsd
6.0
netbsd/netbsd
6.0.1
netbsd/netbsd
6.0.2
netbsd/netbsd
6.0.3
netbsd/netbsd
6.0.4
netbsd/netbsd
6.0.5
netbsd/netbsd
6.0.6
netbsd/netbsd
6.1
netbsd/netbsd
6.1.1
netbsd/netbsd
6.1.2
... and 4 more
Published
Jan 19, 2017
Tracked Since
Feb 18, 2026