CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17663
https://notcve.org/view.php?id=CVE-2017-17663
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. La implementación htpasswd de mini_httpd, en versiones anteriores a la v1.28 y de thttpd, en versiones anteriores a la v2.28, se ha visto afectada por un desbordamiento de búfer que podría ser explotado de forma remota para ejecutar código. • http://acme.com/updates/archive/199.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1548
https://notcve.org/view.php?id=CVE-2015-1548
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. mini_httpd 1.21 y anteriores permite a atacantes remotos obtener información sensible de la memoria de procesos a través de una solicitud HTTP con una cadena de protocolo largo, lo que provoca un cálculo del tamaño de respuesta incorrecta y una lectura fuera de rango. • http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd http://www.securityfocus.com/bid/73450 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0893
https://notcve.org/view.php?id=CVE-2001-0893
Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. • http://marc.info/?l=bugtraq&m=100568999726036&w=2 http://www.acme.com/software/mini_httpd http://www.iss.net/security_center/static/7541.php • CWE-668: Exposure of Resource to Wrong Sphere •