CVE-2014-5015

EPSS 0.57%
Published 24.07.2014 14:55:09
Last modified 12.04.2025 10:46:40
Source security@debian.org
Teams watchlist Login
Open Login

bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Eterna ≫ Bozohttpd Version <= 20140201

Eterna ≫ Bozohttpd Version19990519

Eterna ≫ Bozohttpd Version20000421

Eterna ≫ Bozohttpd Version20000426

Eterna ≫ Bozohttpd Version20000427

Eterna ≫ Bozohttpd Version20000815

Eterna ≫ Bozohttpd Version20000825

Eterna ≫ Bozohttpd Version20010610

Eterna ≫ Bozohttpd Version20010812

Eterna ≫ Bozohttpd Version20010922

Eterna ≫ Bozohttpd Version20020710

Eterna ≫ Bozohttpd Version20020730

Eterna ≫ Bozohttpd Version20020803

Eterna ≫ Bozohttpd Version20020804

Eterna ≫ Bozohttpd Version20020823

Eterna ≫ Bozohttpd Version20020913

Eterna ≫ Bozohttpd Version20021106

Eterna ≫ Bozohttpd Version20030313

Eterna ≫ Bozohttpd Version20030409

Eterna ≫ Bozohttpd Version20030626

Eterna ≫ Bozohttpd Version20031005

Eterna ≫ Bozohttpd Version20040218

Eterna ≫ Bozohttpd Version20040808

Eterna ≫ Bozohttpd Version20050410

Eterna ≫ Bozohttpd Version20060517

Eterna ≫ Bozohttpd Version20060710

Eterna ≫ Bozohttpd Version20080303

Eterna ≫ Bozohttpd Version20090417

Eterna ≫ Bozohttpd Version20090522

Eterna ≫ Bozohttpd Version20100509

Eterna ≫ Bozohttpd Version20100512

Eterna ≫ Bozohttpd Version20100617

Eterna ≫ Bozohttpd Version20100621

Eterna ≫ Bozohttpd Version20100920

Eterna ≫ Bozohttpd Version20111118

Eterna ≫ Bozohttpd Version20140102

Netbsd ≫ Netbsd Version5.1

Netbsd ≫ Netbsd Version5.2

Netbsd ≫ Netbsd Version6.0

Netbsd ≫ Netbsd Version6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.57%	0.66

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://www.eterna.com.au/bozohttpd/CHANGES

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc

Vendor Advisory

http://seclists.org/oss-sec/2014/q3/180

http://www.eterna.com.au/bozohttpd/

Patch

http://www.osvdb.org/109283

http://www.securityfocus.com/bid/68752

https://exchange.xforce.ibmcloud.com/vulnerabilities/94751

https://nvd.nist.gov/vuln/detail/CVE-2014-5015

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-5015

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-5015

EUVD