// For flags

CVE-2014-5015

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.

El servidor HTTP bozotic (también conocido como bozohttpd) anterior a 20140708, utilizado en NetBSD, trunca las rutas cuando compruebe las restricciones .htpasswd, lo que permite a atacantes remotos evadir la esquema de la autenticación HTTP y acceder a las restricciones a través de una ruta larga.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-07-18 CVE Reserved
  • 2014-07-24 CVE Published
  • 2024-06-05 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
<= 20140201
Search vendor "Eterna" for product "Bozohttpd" and version " <= 20140201"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
19990519
Search vendor "Eterna" for product "Bozohttpd" and version "19990519"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20000421
Search vendor "Eterna" for product "Bozohttpd" and version "20000421"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20000426
Search vendor "Eterna" for product "Bozohttpd" and version "20000426"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20000427
Search vendor "Eterna" for product "Bozohttpd" and version "20000427"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20000815
Search vendor "Eterna" for product "Bozohttpd" and version "20000815"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20000825
Search vendor "Eterna" for product "Bozohttpd" and version "20000825"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20010610
Search vendor "Eterna" for product "Bozohttpd" and version "20010610"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20010812
Search vendor "Eterna" for product "Bozohttpd" and version "20010812"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20010922
Search vendor "Eterna" for product "Bozohttpd" and version "20010922"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20020710
Search vendor "Eterna" for product "Bozohttpd" and version "20020710"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20020730
Search vendor "Eterna" for product "Bozohttpd" and version "20020730"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20020803
Search vendor "Eterna" for product "Bozohttpd" and version "20020803"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20020804
Search vendor "Eterna" for product "Bozohttpd" and version "20020804"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20020823
Search vendor "Eterna" for product "Bozohttpd" and version "20020823"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20020913
Search vendor "Eterna" for product "Bozohttpd" and version "20020913"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20021106
Search vendor "Eterna" for product "Bozohttpd" and version "20021106"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20030313
Search vendor "Eterna" for product "Bozohttpd" and version "20030313"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20030409
Search vendor "Eterna" for product "Bozohttpd" and version "20030409"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20030626
Search vendor "Eterna" for product "Bozohttpd" and version "20030626"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20031005
Search vendor "Eterna" for product "Bozohttpd" and version "20031005"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20040218
Search vendor "Eterna" for product "Bozohttpd" and version "20040218"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20040808
Search vendor "Eterna" for product "Bozohttpd" and version "20040808"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20050410
Search vendor "Eterna" for product "Bozohttpd" and version "20050410"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20060517
Search vendor "Eterna" for product "Bozohttpd" and version "20060517"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20060710
Search vendor "Eterna" for product "Bozohttpd" and version "20060710"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20080303
Search vendor "Eterna" for product "Bozohttpd" and version "20080303"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20090417
Search vendor "Eterna" for product "Bozohttpd" and version "20090417"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20090522
Search vendor "Eterna" for product "Bozohttpd" and version "20090522"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20100509
Search vendor "Eterna" for product "Bozohttpd" and version "20100509"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20100512
Search vendor "Eterna" for product "Bozohttpd" and version "20100512"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20100617
Search vendor "Eterna" for product "Bozohttpd" and version "20100617"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20100621
Search vendor "Eterna" for product "Bozohttpd" and version "20100621"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20100920
Search vendor "Eterna" for product "Bozohttpd" and version "20100920"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20111118
Search vendor "Eterna" for product "Bozohttpd" and version "20111118"
-
Affected
Eterna
Search vendor "Eterna"
Bozohttpd
Search vendor "Eterna" for product "Bozohttpd"
20140102
Search vendor "Eterna" for product "Bozohttpd" and version "20140102"
-
Affected
Netbsd
Search vendor "Netbsd"
Netbsd
Search vendor "Netbsd" for product "Netbsd"
5.1
Search vendor "Netbsd" for product "Netbsd" and version "5.1"
-
Affected
Netbsd
Search vendor "Netbsd"
Netbsd
Search vendor "Netbsd" for product "Netbsd"
5.2
Search vendor "Netbsd" for product "Netbsd" and version "5.2"
-
Affected
Netbsd
Search vendor "Netbsd"
Netbsd
Search vendor "Netbsd" for product "Netbsd"
6.0
Search vendor "Netbsd" for product "Netbsd" and version "6.0"
-
Affected
Netbsd
Search vendor "Netbsd"
Netbsd
Search vendor "Netbsd" for product "Netbsd"
6.1
Search vendor "Netbsd" for product "Netbsd" and version "6.1"
-
Affected