htsearch CGI program in htdig (ht://Dig) 3.1.5 and previous versions allows remote malicious users to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
conectiva linux 6.0 |
||
conectiva linux 7.0 |
||
conectiva linux 5.0 |
||
conectiva linux 5.1 |
||
htdig htdig |
||
suse suse linux 7.2 |
||
suse suse linux 7.3 |
||
suse suse linux 6.4 |
||
suse suse linux 7.0 |
||
suse suse linux 7.1 |
||
debian debian linux 2.2 |
||
suse suse linux 6.3 |