CVE-2003-0899 - Incorrect Calculation of Buffer Size vulnerability in Acme Thttpd 2.21/2.22/2.23
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attacker's choice.
- Buffer Overflow via Parameter Expansion: In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
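The defensive counterpart to the expansion flaw described in the summary, as an added example in C (not thttpd's code or its patch): the bounds check is made against the expanded length of each character, and the caller can size the buffer for the worst case. The names `escape_angle` and `escape_angle_bound` are hypothetical, and the input in `main` is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst, expanding '<' to "&lt;" and
 * '>' to "&gt;". Returns bytes written (excluding the NUL), or -1 if dst
 * is too small. dst is always NUL-terminated when dstsize > 0. */
long escape_angle(const char *src, char *dst, size_t dstsize)
{
    size_t out = 0;

    if (dstsize == 0)
        return -1;
    for (; *src != '\0'; ++src) {
        const char *rep;
        size_t replen;

        switch (*src) {
        case '<': rep = "&lt;"; replen = 4; break;
        case '>': rep = "&gt;"; replen = 4; break;
        default:  rep = src;    replen = 1; break;
        }
        /* Check the expanded length, not the input length: room is
         * needed for replen bytes plus the terminating NUL. */
        if (replen >= dstsize - out) {
            dst[out] = '\0';
            return -1;
        }
        memcpy(dst + out, rep, replen);
        out += replen;
    }
    dst[out] = '\0';
    return (long)out;
}

/* Worst-case output size: every byte expands to 4, plus the NUL.
 * Returns 0 if the computation would overflow size_t. */
size_t escape_angle_bound(size_t srclen)
{
    return srclen > (SIZE_MAX - 1) / 4 ? 0 : srclen * 4 + 1;
}

int main(void)
{
    char buf[16];                       /* constructed sample input below */
    long n = escape_angle("/<a>/<b>", buf, sizeof buf);
    printf("%ld \"%s\"\n", n, buf);     /* truncated safely, n == -1 */
    return 0;
}
```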
Exploit-Db
- title: thttpd 2.2x defang Remote Buffer Overflow Vulnerability 2
  - description: thttpd 2.2x defang Remote Buffer Overflow Vulnerability (2). CVE-2003-0899. Remote exploit for linux platform
  - id: EDB-ID:23306
  - last seen: 2016-02-02
  - modified: 2003-10-27
  - published: 2003-10-27
  - reporter: d3ck4
  - source: https://www.exploit-db.com/download/23306/
- title: thttpd 2.2x defang Remote Buffer Overflow Vulnerability 1
  - description: thttpd 2.2x defang Remote Buffer Overflow Vulnerability (1). CVE-2003-0899. Dos exploit for linux platform
  - id: EDB-ID:23305
  - last seen: 2016-02-02
  - modified: 2003-10-27
  - published: 2003-10-27
  - reporter: Joel Soderberg
  - source: https://www.exploit-db.com/download/23305/
Nessus
- title: Debian DSA-396-1 : thttpd - missing input sanitizing, wrong calculation
  - NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DSA-396.NASL
  - description: Several vulnerabilities have been discovered in thttpd, a tiny HTTP server. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: - CAN-2002-1562: Information leak. Marcus Breiing discovered that if thttpd is used for virtual hosting, and an attacker supplies a specially crafted
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 15233
  - published: 2004-09-29
  - reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/15233
- title: thttpd Host Header Traversal Arbitrary File Access
  - NASL family: Web Servers
  - NASL id: THTTPD_VIRTUALHOST_ESCAPE.NASL
  - description: The remote HTTP server allows anyone to browse the files on the remote host by sending HTTP requests with a Host: field set to
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 11576
  - published: 2003-05-06
  - reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/11576
- title: SuSE-SA:2003:044: thttpd
  - NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SA_2003_044.NASL
  - description: The remote host is missing the patch for the advisory SuSE-SA:2003:044 (thttpd). Two vulnerabilities were found in the
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 13812
  - published: 2004-07-25
  - reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/13812
References
- http://www.securityfocus.com/bid/8906
- http://www.texonet.com/advisories/TEXONET-20030908.txt
- http://www.osvdb.org/2729
- http://secunia.com/advisories/10092
- http://marc.info/?l=bugtraq&m=106729188224252&w=2
- https://www.debian.org/security/2003/dsa-396
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13530