CVE-2014-5015
First published: Thu Jul 24 2014(Updated: )
bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
Credit: security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eterna Bozohttpd | <=20140201 | |
| Eterna Bozohttpd | =19990519 | |
| Eterna Bozohttpd | =20000421 | |
| Eterna Bozohttpd | =20000426 | |
| Eterna Bozohttpd | =20000427 | |
| Eterna Bozohttpd | =20000815 | |
| Eterna Bozohttpd | =20000825 | |
| Eterna Bozohttpd | =20010610 | |
| Eterna Bozohttpd | =20010812 | |
| Eterna Bozohttpd | =20010922 | |
| Eterna Bozohttpd | =20020710 | |
| Eterna Bozohttpd | =20020730 | |
| Eterna Bozohttpd | =20020803 | |
| Eterna Bozohttpd | =20020804 | |
| Eterna Bozohttpd | =20020823 | |
| Eterna Bozohttpd | =20020913 | |
| Eterna Bozohttpd | =20021106 | |
| Eterna Bozohttpd | =20030313 | |
| Eterna Bozohttpd | =20030409 | |
| Eterna Bozohttpd | =20030626 | |
| Eterna Bozohttpd | =20031005 | |
| Eterna Bozohttpd | =20040218 | |
| Eterna Bozohttpd | =20040808 | |
| Eterna Bozohttpd | =20050410 | |
| Eterna Bozohttpd | =20060517 | |
| Eterna Bozohttpd | =20060710 | |
| Eterna Bozohttpd | =20080303 | |
| Eterna Bozohttpd | =20090417 | |
| Eterna Bozohttpd | =20090522 | |
| Eterna Bozohttpd | =20100509 | |
| Eterna Bozohttpd | =20100512 | |
| Eterna Bozohttpd | =20100617 | |
| Eterna Bozohttpd | =20100621 | |
| Eterna Bozohttpd | =20100920 | |
| Eterna Bozohttpd | =20111118 | |
| Eterna Bozohttpd | =20140102 | |
| NetBSD NetBSD | =5.1 | |
| NetBSD NetBSD | =5.2 | |
| NetBSD NetBSD | =6.0 | |
| NetBSD NetBSD | =6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/author
- agent/remedy
- agent/tags
- agent/softwarecombine
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/eterna
- canonical/eterna bozohttpd
- version/eterna bozohttpd/20140201
- version/eterna bozohttpd/19990519
- version/eterna bozohttpd/20000421
- version/eterna bozohttpd/20000426
- version/eterna bozohttpd/20000427
- version/eterna bozohttpd/20000815
- version/eterna bozohttpd/20000825
- version/eterna bozohttpd/20010610
- version/eterna bozohttpd/20010812
- version/eterna bozohttpd/20010922
- version/eterna bozohttpd/20020710
- version/eterna bozohttpd/20020730
- version/eterna bozohttpd/20020803
- version/eterna bozohttpd/20020804
- version/eterna bozohttpd/20020823
- version/eterna bozohttpd/20020913
- version/eterna bozohttpd/20021106
- version/eterna bozohttpd/20030313
- version/eterna bozohttpd/20030409
- version/eterna bozohttpd/20030626
- version/eterna bozohttpd/20031005
- version/eterna bozohttpd/20040218
- version/eterna bozohttpd/20040808
- version/eterna bozohttpd/20050410
- version/eterna bozohttpd/20060517
- version/eterna bozohttpd/20060710
- version/eterna bozohttpd/20080303
- version/eterna bozohttpd/20090417
- version/eterna bozohttpd/20090522
- version/eterna bozohttpd/20100509
- version/eterna bozohttpd/20100512
- version/eterna bozohttpd/20100617
- version/eterna bozohttpd/20100621
- version/eterna bozohttpd/20100920
- version/eterna bozohttpd/20111118
- version/eterna bozohttpd/20140102
- vendor/netbsd
- canonical/netbsd netbsd
- version/netbsd netbsd/5.1
- version/netbsd netbsd/5.2
- version/netbsd netbsd/6.0
- version/netbsd netbsd/6.1