CVE-2001-0834
published 2001-12-06CVE-2001-0834: htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could…
PriorityP420medium6.4CVSS 2.0
AVNACLAuNCPINAP
EPSS
2.63%
83.6th percentile
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| conectiva | linux | — | — |
| conectiva | linux | — | — |
| conectiva | linux | — | — |
| conectiva | linux | — | — |
| debian | debian_linux | — | — |
| htdig | htdig | <= 3.1.5 | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
| suse | suse_linux | — | — |
CVSS provenance
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:P
vendor_redhat6.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2001-10-07·CVSS 6.4
CVE-2001-0834 [MEDIUM] security flaw
security flaw
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
GHSA
GHSA-v6hf-54vc-wr5c: htsearch CGI program in htdig (ht://Dig) 3
ghsa_unreviewed·2022-04-30
CVE-2001-0834 [MEDIUM] GHSA-v6hf-54vc-wr5c: htsearch CGI program in htdig (ht://Dig) 3
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
No detection rules found.
No public exploits indexed.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429http://marc.info/?l=bugtraq&m=100260195401753&w=2http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txthttp://www.debian.org/security/2001/dsa-080http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3http://www.novell.com/linux/security/advisories/2001_035_htdig_txt.htmlhttp://www.redhat.com/support/errata/RHSA-2001-139.htmlhttp://www.securityfocus.com/bid/3410https://exchange.xforce.ibmcloud.com/vulnerabilities/7262https://exchange.xforce.ibmcloud.com/vulnerabilities/7263http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429http://marc.info/?l=bugtraq&m=100260195401753&w=2http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txthttp://www.debian.org/security/2001/dsa-080http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3http://www.novell.com/linux/security/advisories/2001_035_htdig_txt.htmlhttp://www.redhat.com/support/errata/RHSA-2001-139.htmlhttp://www.securityfocus.com/bid/3410https://exchange.xforce.ibmcloud.com/vulnerabilities/7262https://exchange.xforce.ibmcloud.com/vulnerabilities/7263
2001-12-06
Published