CVE-2003-0899 - Incorrect Calculation of Buffer Size vulnerability in Acme Thttpd 2.21/2.22/2.23

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, acme, CWE-131, critical, nessus, exploit available

Summary

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.

Vulnerable Configurations

Part         Description  Count
Application  Acme         5

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.

Exploit-Db

  • description: thttpd 2.2x defang Remote Buffer Overflow Vulnerability (2). CVE-2003-0899. Remote exploit for linux platform
    id: EDB-ID:23306
    last seen: 2016-02-02
    modified: 2003-10-27
    published: 2003-10-27
    reporter: d3ck4
    source: https://www.exploit-db.com/download/23306/
    title: thttpd 2.2x defang Remote Buffer Overflow Vulnerability 2
  • description: thttpd 2.2x defang Remote Buffer Overflow Vulnerability (1). CVE-2003-0899. DoS exploit for linux platform
    id: EDB-ID:23305
    last seen: 2016-02-02
    modified: 2003-10-27
    published: 2003-10-27
    reporter: Joel Soderberg
    source: https://www.exploit-db.com/download/23305/
    title: thttpd 2.2x defang Remote Buffer Overflow Vulnerability 1

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-396.NASL
    description: Several vulnerabilities have been discovered in thttpd, a tiny HTTP server. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: - CAN-2002-1562: Information leak Marcus Breiing discovered that if thttpd it is used for virtual hosting, and an attacker supplies a specially crafted
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15233
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15233
    title: Debian DSA-396-1 : thttpd - missing input sanitizing, wrong calculation
  • NASL family: Web Servers
    NASL id: THTTPD_VIRTUALHOST_ESCAPE.NASL
    description: The remote HTTP server allows anyone to browse the files on the remote host by sending HTTP requests with a Host: field set to
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11576
    published: 2003-05-06
    reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/11576
    title: thttpd Host Header Traversal Arbitrary File Access
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2003_044.NASL
    description: The remote host is missing the patch for the advisory SuSE-SA:2003:044 (thttpd). Two vulnerabilities were found in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13812
    published: 2004-07-25
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13812
    title: SuSE-SA:2003:044: thttpd