Monkey-Project Monkey vulnerabilities
27 known vulnerabilities affecting monkey-project/monkey.
Total CVEs
27
CISA KEV
0
Public exploits
7
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH11MEDIUM15
Vulnerabilities
Page 2 of 2
CVE-2013-2163P4MEDIUMCVSS 5.0≤ 1.2.1v1.2.02014-06-13
CVE-2013-2163 [MEDIUM] CWE-20 CVE-2013-2163: Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infi
Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header.
nvd
CVE-2012-5303P4MEDIUMCVSS 6.9v0.9.32012-10-05
CVE-2012-5303 [MEDIUM] CWE-59 CVE-2012-5303: Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack o
Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.
nvd
CVE-2013-2181P4MEDIUMCVSS 4.3v1.2.22013-07-29
CVE-2013-2181 [MEDIUM] CWE-79 CVE-2013-2181: Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monk
Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name.
nvd
CVE-2003-1209P4MEDIUMCVSS 5.0≤ 0.6.1v0.1.1+2 more2003-12-31
CVE-2003-1209 [MEDIUM] CWE-20 CVE-2003-1209: The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denia
The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header.
nvd
CVE-2005-1123P4MEDIUMCVSS 5.0≤ 0.9.0v0.1.1+14 more2005-05-02
CVE-2005-1123 [MEDIUM] CWE-119 CVE-2005-1123: Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory co
Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file.
nvd
CVE-2014-5336P4MEDIUMCVSS 4.3≤ 1.5.2v0.1.1+53 more2014-08-26
CVE-2014-5336 [MEDIUM] CWE-20 CVE-2014-5336: Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error me
Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message.
nvd
CVE-2012-4442P4MEDIUMCVSS 4.7v0.9.32012-10-05
CVE-2012-4442 [MEDIUM] CWE-264 CVE-2012-4442: Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations w
Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.
nvd
← Previous2 / 2