CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2024-0263 – ACME Ultra Mini HTTPd HTTP GET Request denial of service
https://notcve.org/view.php?id=CVE-2024-0263
07 Jan 2024 — A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. • https://0day.today/exploit/description/39212 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.5EPSS: 92%CPEs: 1EXPL: 2CVE-2018-18778
https://notcve.org/view.php?id=CVE-2018-18778
29 Oct 2018 — ACME mini_httpd before 1.30 lets remote users read arbitrary files. ACME mini_httpd en versiones anteriores a la 1.30 permite que usuarios remotos lean archivos arbitrarios. • https://github.com/auk0x01/CVE-2018-18778-Scanner • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-17663
https://notcve.org/view.php?id=CVE-2017-17663
06 Feb 2018 — The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. La implementación htpasswd de mini_httpd, en versiones anteriores a la v1.28 y de thttpd, en versiones anteriores a la v2.28, se ha visto afectada por un desbordamiento de búfer que podría ser explotado de forma remota para ejecutar código. • http://acme.com/updates/archive/199.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1548
https://notcve.org/view.php?id=CVE-2015-1548
10 Feb 2015 — mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. mini_httpd 1.21 y anteriores permite a atacantes remotos obtener información sensible de la memoria de procesos a través de una solicitud HTTP con una cadena de protocolo largo, lo que provoca un cálculo del tamaño de respuesta incorrecta y una lectura fuera de rango. • http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 2CVE-2009-4490 – mini_httpd 1.18 - HTTP Request Escape Sequence Terminal Command Injection
https://notcve.org/view.php?id=CVE-2009-4490
13 Jan 2010 — mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. mini_httpd v1.19, escribe datos en un archivo de los sin depurar los caracteres no escribibles, lo que podría permitir a atacantes remotos modificar la ventana de título, o posiblemente ejecutar comandos de su elección o sobresc... • https://www.exploit-db.com/exploits/33500 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0893
https://notcve.org/view.php?id=CVE-2001-0893
13 Nov 2001 — Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. • http://marc.info/?l=bugtraq&m=100568999726036&w=2 • CWE-668: Exposure of Resource to Wrong Sphere •