PT-2003-1946 · Thttpd · Thttpd
Christer Oberg
Published: 2003-10-30 · Updated: 2024-02-14
CVE-2003-0899
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
thttpd versions 2.21 through 2.23b1
Description
A buffer overflow issue exists in the defang function within libhttpd.c, allowing remote attackers to execute arbitrary code. This occurs when requests containing '<' or '>' characters are processed, triggering the overflow as these characters are expanded into "&lt;" and "&gt;" sequences.
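The bounds check this class of bug calls for, as an added example that is not thttpd's code or its patch: the names `defang_bounded` and `guard_intact`, the return convention and the sample inputs are assumptions made here. Space is checked against the expanded length of each character before anything is written, so one input byte that becomes four output bytes cannot run past the destination.

```c
#include <stddef.h>
#include <string.h>

/* Added illustration, not thttpd source (hypothetical name and interface).
 * Escapes '<' and '>' from src into dst, which holds dstsize bytes including
 * the NUL. Returns bytes written (excluding NUL), or (size_t)-1 if truncated. */
size_t defang_bounded(const char *src, char *dst, size_t dstsize)
{
    size_t out = 0;

    if (dstsize == 0)
        return (size_t)-1;
    for (; *src != '\0'; ++src) {
        const char *rep;
        size_t replen;

        switch (*src) {
        case '<': rep = "&lt;"; replen = 4; break;
        case '>': rep = "&gt;"; replen = 4; break;
        default:  rep = src;    replen = 1; break;
        }
        /* Room is needed for the expanded form plus the terminator,
         * not just for the single input byte. out <= dstsize - 1 holds
         * on every iteration, so the subtraction cannot wrap. */
        if (replen > dstsize - 1 - out) {
            dst[out] = '\0';
            return (size_t)-1;
        }
        memcpy(dst + out, rep, replen);
        out += replen;
    }
    dst[out] = '\0';
    return out;
}

/* Constructed self-check: escape `in` into the first `cap` bytes of a buffer
 * pre-filled with a guard value; returns 1 if nothing past `cap` changed. */
int guard_intact(const char *in, size_t cap)
{
    char buf[64 + 8];

    if (cap > 64)
        return 0;
    memset(buf, 0x5A, sizeof buf);
    defang_bounded(in, buf, cap);
    for (size_t i = cap; i < sizeof buf; ++i)
        if (buf[i] != 0x5A)
            return 0;
    return 1;
}
```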
Recommendations
For thttpd versions 2.21 through 2.23b1, as a temporary workaround, consider restricting access to the defang function in libhttpd.c until a patch is available.
Exploit
Fix
RCE
Affected Products
Thttpd