CVE-2010-2320
First published: Mon Aug 02 2010(Updated: )
bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eterna Bozohttpd | =20090417 | |
| Eterna Bozohttpd | =20080303 | |
| Eterna Bozohttpd | =20030313 | |
| Eterna Bozohttpd | =20000421 | |
| Eterna Bozohttpd | =20000825 | |
| Eterna Bozohttpd | =20100512 | |
| Eterna Bozohttpd | =20021106 | |
| Eterna Bozohttpd | =20060710 | |
| Eterna Bozohttpd | =20020803 | |
| Eterna Bozohttpd | =20020804 | |
| Eterna Bozohttpd | =20050410 | |
| Eterna Bozohttpd | =20090522 | |
| Eterna Bozohttpd | =20040808 | |
| Eterna Bozohttpd | =20020730 | |
| Eterna Bozohttpd | =20030626 | |
| Eterna Bozohttpd | =20030409 | |
| Eterna Bozohttpd | =20100509 | |
| Eterna Bozohttpd | =20010922 | |
| Eterna Bozohttpd | =20020710 | |
| Eterna Bozohttpd | =20000426 | |
| Eterna Bozohttpd | =20031005 | |
| Eterna Bozohttpd | =20040218 | |
| Eterna Bozohttpd | =20000427 | |
| Eterna Bozohttpd | =20060517 | |
| Eterna Bozohttpd | =20010812 | |
| Eterna Bozohttpd | =20020913 | |
| Eterna Bozohttpd | <=20100617 | |
| Eterna Bozohttpd | =19990519 | |
| Eterna Bozohttpd | =20010610 | |
| Eterna Bozohttpd | =20020823 | |
| Eterna Bozohttpd | =20000815 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298
- http://security-tracker.debian.org/tracker/CVE-2010-2320
- https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473
- http://www.eterna.com.au/bozohttpd/CHANGES
- http://secunia.com/advisories/40737
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60812
Frequently Asked Questions
What is the severity of CVE-2010-2320?
CVE-2010-2320 is classified as a medium severity vulnerability.
How do I fix CVE-2010-2320?
To fix CVE-2010-2320, upgrade to a version of bozohttpd released after June 21, 2010.
What systems are affected by CVE-2010-2320?
CVE-2010-2320 affects multiple versions of bozohttpd prior to 20100621.
What type of vulnerability is CVE-2010-2320?
CVE-2010-2320 is a directory listing vulnerability that allows remote attackers to list contents of home directories.
Can CVE-2010-2320 lead to account enumeration?
Yes, CVE-2010-2320 can be exploited by attackers to determine the existence of user accounts.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/eterna
- canonical/eterna bozohttpd
- version/eterna bozohttpd/20090417
- version/eterna bozohttpd/20080303
- version/eterna bozohttpd/20030313
- version/eterna bozohttpd/20000421
- version/eterna bozohttpd/20000825
- version/eterna bozohttpd/20100512
- version/eterna bozohttpd/20021106
- version/eterna bozohttpd/20060710
- version/eterna bozohttpd/20020803
- version/eterna bozohttpd/20020804
- version/eterna bozohttpd/20050410
- version/eterna bozohttpd/20090522
- version/eterna bozohttpd/20040808
- version/eterna bozohttpd/20020730
- version/eterna bozohttpd/20030626
- version/eterna bozohttpd/20030409
- version/eterna bozohttpd/20100509
- version/eterna bozohttpd/20010922
- version/eterna bozohttpd/20020710
- version/eterna bozohttpd/20000426
- version/eterna bozohttpd/20031005
- version/eterna bozohttpd/20040218
- version/eterna bozohttpd/20000427
- version/eterna bozohttpd/20060517
- version/eterna bozohttpd/20010812
- version/eterna bozohttpd/20020913
- version/eterna bozohttpd/20100617
- version/eterna bozohttpd/19990519
- version/eterna bozohttpd/20010610
- version/eterna bozohttpd/20020823
- version/eterna bozohttpd/20000815