Published: 12/08/2002 Updated: 05/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote malicious users to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.

Affected Products

Vendor Product Versions
Acme LabsThttpd2.20b


source: wwwsecurityfocuscom/bid/4601/info thttpd is a web server product maintained by ACME Labs thttpd has been compiled for Linux, BSD and Solaris, as well as other Unix like operating systems Cross Site Scripting issues has been reported in some versions of thttpd thttpd fails to check URLs for the presence of script commands when ...