CVE-2003-0899
Published 2003-11-03
CVE-2003-0899: Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters…
Priority: P348 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 21.68% (97.3th percentile)
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acme | thttpd | — | — |
| acme | thttpd | >= 2.21 < 2.23 | 2.23 |
CVSS provenance
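| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |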
No detection rules found.
Exploit-DB
thttpd 2.2x - 'defang' Remote Buffer Overflow (PoC)
exploitdb·2003-10-27
---
/*
source: https://www.securityfocus.com/bid/8906/info
A vulnerability has been reported in thttpd that may allow a remote attacker to execute arbitrary code on a vulnerable host. The issue is reported to exist due to a lack of bounds checking by software, leading to a buffer overflow condition. The problem is reported to exist in the defang() function in libhttpd.c.
This issue may allow an attacker to gain unauthorized access to a vulnerable host. Successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the web server in order to gain unauthorized access to a vulnerable system.
thttpd versions 2.21 to 2.23b1 have been reported to be prone to this issue, however other versions may be a
Exploit-DB
thttpd 2.2x - 'defang' Remote Buffer Overflow
exploitdb·2003-10-27
---
// source: https://www.securityfocus.com/bid/8906/info
A vulnerability has been reported in thttpd that may allow a remote attacker to execute arbitrary code on a vulnerable host. The issue is reported to exist due to a lack of bounds checking by software, leading to a buffer overflow condition. The problem is reported to exist in the defang() function in libhttpd.c.
This issue may allow an attacker to gain unauthorized access to a vulnerable host. Successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the web server in order to gain unauthorized access to a vulnerable system.
thttpd versions 2.21 to 2.23b1 have been reported to be prone to this issue, however other versions may be affecte
No writeups or analysis indexed.
References
http://marc.info/?l=bugtraq&m=106729188224252&w=2
http://secunia.com/advisories/10092
http://www.osvdb.org/2729
http://www.securityfocus.com/bid/8906
http://www.texonet.com/advisories/TEXONET-20030908.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/13530
https://www.debian.org/security/2003/dsa-396
Published: 2003-11-03