PT-2017-7358 · Netbsd · Bozohttpd

Mateusz Kocielski

Published

2017-01-19

Updated

2017-01-20

CVE-2015-8212

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions bozohttpd in NetBSD versions 6.0 through 6.0.6 bozohttpd in NetBSD versions 6.1 through 6.1.5 bozohttpd in NetBSD versions 7.0

Description A flaw in CGI handling in bozohttpd allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.

Recommendations For NetBSD versions 6.0 through 6.0.6, update to a version that includes the fix for the CGI handling flaw. For NetBSD versions 6.1 through 6.1.5, update to a version that includes the fix for the CGI handling flaw. For NetBSD version 7.0, update to a version that includes the fix for the CGI handling flaw.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2015-8212

DLA-490-1

Affected Products

Bozohttpd

PT-2017-7358 · Netbsd · Bozohttpd

CVE-2015-8212

Weakness Enumeration

Related Identifiers

Affected Products

References · 8