CVE-2006-1598
- EPSS 0.84%
- Veröffentlicht 03.04.2006 17:04:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with (1) dot and (2) space characters in the file extension.
CVE-2005-1086
- EPSS 7.16%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header.
CVE-2005-1087
- EPSS 4.25%
- Veröffentlicht 07.04.2005 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
CVE-2002-1930
- EPSS 23.45%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username.
CVE-1999-0947
- EPSS 5.38%
- Veröffentlicht 02.11.1999 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters.