CVE-2003-0899

Published: 03/11/2003 Updated: 14/02/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote malicious users to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
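The failure mode in the summary is an output buffer sized for the input while each '<' or '>' grows to four bytes. The following is an added example, not thttpd's code and not taken from the advisory; the name `defang_bounded`, its signature and its return convention are assumptions made for illustration. It checks the expanded length against the remaining space before every write.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not thttpd's code): copy src into dst, expanding
 * '<' and '>' to "&lt;" and "&gt;". dstsize is the full size of dst,
 * including the terminating NUL. Returns 0 when all of src fit, or -1
 * when the output was truncated; dst is NUL-terminated in both cases. */
int defang_bounded(const char *src, char *dst, size_t dstsize)
{
    size_t used = 0;

    if (dst == NULL || dstsize == 0)
        return -1;
    if (src == NULL)
        src = "";

    for (; *src != '\0'; ++src) {
        const char *rep;
        size_t replen;

        switch (*src) {
        case '<': rep = "&lt;"; replen = 4; break;
        case '>': rep = "&gt;"; replen = 4; break;
        default:  rep = src;    replen = 1; break;
        }
        /* Compare the space needed by the expanded form, not by the
         * single input byte, and always keep one byte for the NUL.
         * used never exceeds dstsize - 1, so this cannot underflow. */
        if (replen > dstsize - 1 - used) {
            dst[used] = '\0';
            return -1;
        }
        memcpy(dst + used, rep, replen);
        used += replen;
    }
    dst[used] = '\0';
    return 0;
}

int main(void)
{
    char out[8];  /* constructed sample: too small for two escapes */
    int rc = defang_bounded("<<", out, sizeof out);
    printf("rc=%d out=\"%s\"\n", rc, out);
    return 0;
}
```

A caller that must never truncate can size the destination at four times the input length plus one, the worst case for this expansion.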

Vulnerable Product

acme thttpd 2.23

acme thttpd

Exploits

source: www.securityfocus.com/bid/8906/info. A vulnerability has been reported in thttpd that may allow a remote attacker to execute arbitrary code on a vulnerable host. The issue is reported to exist due to a lack of bounds checking by software, leading to a buffer overflow condition. The problem is reported to exist in the defang() function ...

Github Repositories

Unic P1+ micro projector firmware packing tool

Unic P1+ Firmware tool. Short writeup of my experiences with the Unic P1+'s firmware. (Unfortunately I broke the device, please read carefully if you want to try this on your own. Also if you have any idea how to fix a botched nand, please get in touch.) Okay, the story is simple, there is this cute, tiny Wifi projector, the Unic P1+. It could have been such a great device