← volver
CVE-2014-5015

CVE-2014-5015

EPSS 1.7%
bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.aschttp://seclists.org/oss-sec/2014/q3/180https://exchange.xforce.ibmcloud.com/vulnerabilities/94751http://www.eterna.com.au/bozohttpd/http://www.eterna.com.au/bozohttpd/CHANGEShttp://www.osvdb.org/109283http://www.securityfocus.com/bid/68752