bozotic HTTP server (aka bozohttpd) prior to 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote malicious users to bypass the HTTP authentication scheme and access restrictions via a long path.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
netbsd netbsd 6.0 |
||
netbsd netbsd 5.2 |
||
eterna bozohttpd 20090417 |
||
eterna bozohttpd 20080303 |
||
eterna bozohttpd 20140102 |
||
eterna bozohttpd 20111118 |
||
eterna bozohttpd 20100617 |
||
eterna bozohttpd 20100512 |
||
eterna bozohttpd 20040808 |
||
eterna bozohttpd 20040218 |
||
eterna bozohttpd 20020823 |
||
eterna bozohttpd 20020804 |
||
eterna bozohttpd 20000825 |
||
eterna bozohttpd 20000815 |
||
eterna bozohttpd 20100920 |
||
netbsd netbsd 6.1 |
||
eterna bozohttpd 20100509 |
||
eterna bozohttpd 20090522 |
||
eterna bozohttpd 20031005 |
||
eterna bozohttpd 20030626 |
||
eterna bozohttpd 20020803 |
||
eterna bozohttpd 20020730 |
||
eterna bozohttpd 20000427 |
||
eterna bozohttpd 20000426 |
||
eterna bozohttpd 20030409 |
||
eterna bozohttpd 20030313 |
||
eterna bozohttpd 20020710 |
||
eterna bozohttpd 20010922 |
||
eterna bozohttpd 20000421 |
||
eterna bozohttpd 19990519 |
||
eterna bozohttpd |
||
netbsd netbsd 5.1 |
||
eterna bozohttpd 20100621 |
||
eterna bozohttpd 20060710 |
||
eterna bozohttpd 20060517 |
||
eterna bozohttpd 20050410 |
||
eterna bozohttpd 20021106 |
||
eterna bozohttpd 20020913 |
||
eterna bozohttpd 20010812 |
||
eterna bozohttpd 20010610 |
Vulmon