CVE-2014-5015
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
El servidor HTTP bozotic (también conocido como bozohttpd) anterior a 20140708, utilizado en NetBSD, trunca las rutas cuando compruebe las restricciones .htpasswd, lo que permite a atacantes remotos evadir la esquema de la autenticación HTTP y acceder a las restricciones a través de una ruta larga.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-07-18 CVE Reserved
- 2014-07-24 CVE Published
- 2024-06-05 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/oss-sec/2014/q3/180 | Mailing List |
|
| http://www.eterna.com.au/bozohttpd/CHANGES | X_refsource_confirm | |
| http://www.osvdb.org/109283 | Vdb Entry | |
| http://www.securityfocus.com/bid/68752 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94751 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.eterna.com.au/bozohttpd | 2017-08-29 |
| URL | Date | SRC |
|---|---|---|
| ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | <= 20140201 Search vendor "Eterna" for product "Bozohttpd" and version " <= 20140201" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 19990519 Search vendor "Eterna" for product "Bozohttpd" and version "19990519" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20000421 Search vendor "Eterna" for product "Bozohttpd" and version "20000421" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20000426 Search vendor "Eterna" for product "Bozohttpd" and version "20000426" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20000427 Search vendor "Eterna" for product "Bozohttpd" and version "20000427" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20000815 Search vendor "Eterna" for product "Bozohttpd" and version "20000815" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20000825 Search vendor "Eterna" for product "Bozohttpd" and version "20000825" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20010610 Search vendor "Eterna" for product "Bozohttpd" and version "20010610" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20010812 Search vendor "Eterna" for product "Bozohttpd" and version "20010812" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20010922 Search vendor "Eterna" for product "Bozohttpd" and version "20010922" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20020710 Search vendor "Eterna" for product "Bozohttpd" and version "20020710" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20020730 Search vendor "Eterna" for product "Bozohttpd" and version "20020730" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20020803 Search vendor "Eterna" for product "Bozohttpd" and version "20020803" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20020804 Search vendor "Eterna" for product "Bozohttpd" and version "20020804" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20020823 Search vendor "Eterna" for product "Bozohttpd" and version "20020823" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20020913 Search vendor "Eterna" for product "Bozohttpd" and version "20020913" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20021106 Search vendor "Eterna" for product "Bozohttpd" and version "20021106" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20030313 Search vendor "Eterna" for product "Bozohttpd" and version "20030313" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20030409 Search vendor "Eterna" for product "Bozohttpd" and version "20030409" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20030626 Search vendor "Eterna" for product "Bozohttpd" and version "20030626" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20031005 Search vendor "Eterna" for product "Bozohttpd" and version "20031005" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20040218 Search vendor "Eterna" for product "Bozohttpd" and version "20040218" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20040808 Search vendor "Eterna" for product "Bozohttpd" and version "20040808" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20050410 Search vendor "Eterna" for product "Bozohttpd" and version "20050410" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20060517 Search vendor "Eterna" for product "Bozohttpd" and version "20060517" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20060710 Search vendor "Eterna" for product "Bozohttpd" and version "20060710" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20080303 Search vendor "Eterna" for product "Bozohttpd" and version "20080303" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20090417 Search vendor "Eterna" for product "Bozohttpd" and version "20090417" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20090522 Search vendor "Eterna" for product "Bozohttpd" and version "20090522" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20100509 Search vendor "Eterna" for product "Bozohttpd" and version "20100509" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20100512 Search vendor "Eterna" for product "Bozohttpd" and version "20100512" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20100617 Search vendor "Eterna" for product "Bozohttpd" and version "20100617" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20100621 Search vendor "Eterna" for product "Bozohttpd" and version "20100621" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20100920 Search vendor "Eterna" for product "Bozohttpd" and version "20100920" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20111118 Search vendor "Eterna" for product "Bozohttpd" and version "20111118" | - |
Affected
| ||||||
| Eterna Search vendor "Eterna" | Bozohttpd Search vendor "Eterna" for product "Bozohttpd" | 20140102 Search vendor "Eterna" for product "Bozohttpd" and version "20140102" | - |
Affected
| ||||||
| Netbsd Search vendor "Netbsd" | Netbsd Search vendor "Netbsd" for product "Netbsd" | 5.1 Search vendor "Netbsd" for product "Netbsd" and version "5.1" | - |
Affected
| ||||||
| Netbsd Search vendor "Netbsd" | Netbsd Search vendor "Netbsd" for product "Netbsd" | 5.2 Search vendor "Netbsd" for product "Netbsd" and version "5.2" | - |
Affected
| ||||||
| Netbsd Search vendor "Netbsd" | Netbsd Search vendor "Netbsd" for product "Netbsd" | 6.0 Search vendor "Netbsd" for product "Netbsd" and version "6.0" | - |
Affected
| ||||||
| Netbsd Search vendor "Netbsd" | Netbsd Search vendor "Netbsd" for product "Netbsd" | 6.1 Search vendor "Netbsd" for product "Netbsd" and version "6.1" | - |
Affected
| ||||||