6.4

CVE-2001-0834

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HtdigHtdig Version <= 3.1.5
ConectivaLinux Version5.0
ConectivaLinux Version5.1
ConectivaLinux Version6.0
ConectivaLinux Version7.0
DebianDebian Linux Version2.2
SuseSuse Linux Version6.3
SuseSuse Linux Version6.4
SuseSuse Linux Version7.0
SuseSuse Linux Version7.1
SuseSuse Linux Version7.2
SuseSuse Linux Version7.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.51% 0.839
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P