CVE-2015-1548
published 2015-02-10CVE-2015-1548: mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which…
PriorityP420medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.33%
67.6th percentile
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acme | mini_httpd | <= 1.21 | — |
| debian | mini-httpd | < mini-httpd 1.21-1 (bookworm) | mini-httpd 1.21-1 (bookworm) |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p64m-82xx-9xm7: mini_httpd 1
ghsa_unreviewed·2022-05-17
CVE-2015-1548 [MEDIUM] CWE-119 GHSA-p64m-82xx-9xm7: mini_httpd 1
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.
OSV
CVE-2015-1548: mini_httpd 1
osv·2015-02-10·CVSS 5.0
CVE-2015-1548 [MEDIUM] CVE-2015-1548: mini_httpd 1
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.
Debian
CVE-2015-1548: mini-httpd - mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive informat...
vendor_debian·2015·CVSS 5.0
CVE-2015-1548 [MEDIUM] CVE-2015-1548: mini-httpd - mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive informat...
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 1.21-1)
bullseye: resolved (fixed in 1.21-1)
forky: resolved (fixed in 1.21-1)
sid: resolved (fixed in 1.21-1)
trixie: resolved (fixed in 1.21-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-02-10
Published