-
Notifications
You must be signed in to change notification settings - Fork 0
/
thttpd.xml
283 lines (283 loc) · 18.7 KB
/
thttpd.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
<Vulns> <Vulnerability addData="2007-01-26" gvid="ID104573" id="104573" modifyDate="2013-12-04"> <cvsscode>5.0</cvsscode> <severity>Severe</severity> <name>THTTPD任意文件披露</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>thttpd2.04之前的版本允许任意文件通过获取访问多个 &#39;/&#39;在文件名中显示。</Description> <cnnvd>CNNVD-199912-143</cnnvd> <AlternateIds> <id name="CVE">CVE-1999-1456</id> </AlternateIds> <Solutions></Solutions> <Check scope="endpoint"> <NetworkService type="HTTP|HTTPS">
<Product name="thttpd">
<version> <range> <high inclusive="1">2.03</high> </range> </version>
</Product>
</NetworkService> </Check> </Vulnerability> <Vulnerability addData="2007-01-29" gvid="ID104574" id="104574" modifyDate="2013-12-04"> <cvsscode>7.5</cvsscode> <severity>Critical</severity> <name>THTTPD基本验证缓冲区溢出</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>THTTPD 1.95至2.21版本容易受到一个off-by-one缓冲区溢出的影响,这可能允许攻击者在目标机器上便于拒绝服务。</Description> <cnnvd>CNNVD-200112-237</cnnvd> <AlternateIds> <id name="CVE">CVE-2001-1496</id> </AlternateIds> <Solutions>Updated versions of thttpd have been made available.</Solutions> <Check scope="endpoint"> <NetworkService type="HTTP|HTTPS">
<Product name="thttpd">
<version> <range> <low>1.95</low> <high inclusive="1">2.21</high> </range> </version>
</Product>
</NetworkService> </Check> </Vulnerability> <Vulnerability addData="2007-01-26" gvid="ID104576" id="104576" modifyDate="2015-02-13"> <cvsscode>7.5</cvsscode> <severity>Critical</severity> <name>THTTPD defang() 缓冲区溢出</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>THTTPD 2.21至2.23版本的Beta 3易受defang()函数中的缓冲区溢出影响,它用&#39;&amp;gt;&#39; 和&#39;&amp;lt;&#39;替换 &#39;&gt;&#39; 和 &#39;&lt;&#39;。攻击者可通过提供有过长数字或上述字符的特制的HTTP请求强制thttpd服务崩溃。</Description> <cnnvd>CNNVD-200311-007</cnnvd> <AlternateIds> <id name="CVE">CVE-2003-0899</id> </AlternateIds> <Solutions>厂商补丁:
Debian
------
<a href="
http://www.debian.org/security/2003/dsa-396" target="_blank">
http://www.debian.org/security/2003/dsa-396</a></Solutions> <Check scope="endpoint"> <NetworkService type="HTTP|HTTPS">
<Product name="thttpd">
<version> <range> <low>2.21</low> <high>2.24</high> </range> </version>
</Product>
</NetworkService> </Check> </Vulnerability> <Vulnerability addData="2007-01-29" gvid="ID104577" id="104577" modifyDate="2013-12-04"> <cvsscode>7.2</cvsscode> <severity>Severe</severity> <name>多个THTTPD htpasswd漏洞</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>THTTPD 2.25 b版本及其之前版本包含一个htpasswd分布,它容易受到(1)缓冲区溢出和(2)可能允许本地攻击者破坏机器的任意命令执行漏洞
<ol>
<li>THTTPD/htpasswd未能在复制信息到内部缓冲区之前在用户提供的输入上进行适当的边界检查,这允许攻击者运行任意代码。</li>
<li>THTTPD/htpasswd未正确处理用户输入,这将允许攻击者在主机上运行任意命令。</li></ol></Description> <cnnvd></cnnvd> <AlternateIds> <id name="CVE">CVE-2006-1079,CVE-2006-1078</id> </AlternateIds> <Solutions></Solutions> <Check scope="endpoint"> <NetworkService type="HTTP|HTTPS">
<Product name="thttpd">
<version> <range> <high inclusive="1">2.25b</high> </range> </version>
</Product>
</NetworkService> </Check> </Vulnerability> <Vulnerability addData="2007-04-04" gvid="ID104578" id="104578" modifyDate="2017-12-18"> <cvsscode>9.3</cvsscode> <severity>Critical</severity> <name>THTTPD 废弃版</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>早于2.27的THTTPD版本是过时的。后续版本包含关键的安全性,性能和兼容性增强功能。建议您将THTTPD安装升级到最新版本。</Description> <AlternateIds> <id name="CVE"></id> </AlternateIds> <Solutions>目前厂商还没有提供此漏洞的相关补丁或者升级程序,建议使用此软件的用户随时关注厂商的主页以获取最新版本:
https://www.alice-dsl.de/</Solutions> <Check scope="endpoint"> <NetworkService type="HTTP">
<Product name="thttpd">
<version>
<range> <high>2.27</high> </range>
</version>
</Product>
</NetworkService> </Check> </Vulnerability> <Vulnerability addData="2007-01-29" gvid="ID104579" id="104579" modifyDate="2013-12-04"> <cvsscode>7.5</cvsscode> <severity>Critical</severity> <name>THTTPD World 可读文件泄露</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>THTTPD 2.16至2.19版本包含一个文件披露漏洞,攻击者可通过附加&quot;..&quot;到包含cgi-脚本的ssi中的文件路径来查看服务器上的任意文件。</Description> <cnnvd>CNNVD-200012-114</cnnvd> <AlternateIds> <id name="CVE">CVE-2000-0900</id> </AlternateIds> <Solutions></Solutions> <Check scope="endpoint"> <NetworkService type="HTTP|HTTPS">
<Product name="thttpd">
<version> <range> <low>2.16</low> <high inclusive="1">2.19</high> </range> </version>
</Product>
</NetworkService> </Check> </Vulnerability> <Vulnerability addData="2007-01-29" gvid="ID104580" id="104580" modifyDate="2015-02-13"> <cvsscode>2.1</cvsscode> <severity>Moderate</severity> <name>THTTPD symlink任意文件写入</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>THTTPD 2.23之前版本允许本地用户通过&quot;start_thttpd&quot;临时文件上的一个符号链接攻击来创建或访问任意文件。</Description> <cnnvd>CNNVD-200511-149</cnnvd> <AlternateIds> <id name="CVE">CVE-2005-3124</id> </AlternateIds> <Solutions>目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://www.debian.org/security/2005/dsa-883
</Solutions> <Check scope="endpoint"> <NetworkService type="HTTP|HTTPS">
<Product name="thttpd">
<version> <range> <high>2.23</high> </range> </version>
</Product>
</NetworkService> </Check> </Vulnerability> <Vulnerability addData="2007-01-29" gvid="ID104581" id="104581" modifyDate="2013-12-04"> <cvsscode>7.5</cvsscode> <severity>Critical</severity> <name>THTTPD tdate_parse()缓冲区溢出</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>THTTPD 1.90a -2.04版本很容易受到tdate_parse()函数中的缓冲区溢出攻击。
攻击者可通过发送带有HTTP服务器的特制的&quot;If-Modified-Since&quot; 标头执行任意代码。</Description> <cnnvd>CNNVD-199911-054</cnnvd> <AlternateIds> <id name="CVE">CVE-1999-1457</id> </AlternateIds> <Solutions></Solutions> <Check scope="endpoint"> <NetworkService type="HTTP|HTTPS">
<Product name="thttpd">
<version> <range> <low>1.90a</low> <high inclusive="1">2.04</high> </range> </version>
</Product>
</NetworkService> </Check> </Vulnerability> <Vulnerability addData="2007-01-29" gvid="ID104582" id="104582" modifyDate="2013-12-04"> <cvsscode>5.0</cvsscode> <severity>Severe</severity> <name>THTTPD VHOST主机名目录遍历漏洞</name> <Tags> <tag></tag> </Tags> <cvss></cvss> <Description>2.23之前版本的THTTPD易受目录遍历漏洞的影响。通过在启用vhost选项(-v)的thttpd服务器上指定http请求中的Host标头中的&quot;../..&quot;,攻击者可查看web服务器根路径的所有文件。</Description> <cnnvd>CNNVD-200305-039</cnnvd> <AlternateIds> <id name="CVE">CVE-2002-1562</id> </AlternateIds> <Solutions>SuSE has released an advisory (SuSE-SA:2003:044) to address this issue in SuSE Linux platforms. Affected users are advised to apply fixes as soon as possible. Further information regarding obtaining and applying these fixes can be found in the referenced advisory.
Debian has released an advisory (DSA 396-1) and fixes to address this issue in thttpd.
Conectiva has released a security advisory (CLA-2003:777) which contains fixes to address this issue. Users are advised to upgrade as soon as possible.
This issue has been addressed in thttpd 2.24 and mini_httpd 1.18.
Acme mini_httpd 1.0 0
<ul><li>
Acme mini_httpd-1.18.tar.gz
<a href="
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz">
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz</a></li>
</ul>
Acme mini_httpd 1.0 1
<ul><li>
Acme mini_httpd-1.18.tar.gz
<a href="
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz">
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz</a></li>
</ul>
Acme thttpd 1.0
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme mini_httpd 1.10 0
<ul><li>
Acme mini_httpd-1.18.tar.gz
<a href="
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz">
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz</a></li>
</ul>
Acme mini_httpd 1.11
<ul><li>
Acme mini_httpd-1.18.tar.gz
<a href="
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz">
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz</a></li>
</ul>
Acme mini_httpd 1.12
<ul><li>
Acme mini_httpd-1.18.tar.gz
<a href="
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz">
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz</a></li>
</ul>
Acme mini_httpd 1.13
<ul><li>
Acme mini_httpd-1.18.tar.gz
<a href="
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz">
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz</a></li>
</ul>
Acme mini_httpd 1.14
<ul><li>
Acme mini_httpd-1.18.tar.gz
<a href="
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz">
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz</a></li>
</ul>
Acme mini_httpd 1.15 b
<ul><li>
Acme mini_httpd-1.18.tar.gz
<a href="
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz">
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz</a></li>
</ul>
Acme mini_httpd 1.15 c
<ul><li>
Acme mini_httpd-1.18.tar.gz
<a href="
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz">
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz</a></li>
</ul>
Acme mini_httpd 1.15
<ul><li>
Acme mini_httpd-1.18.tar.gz
<a href="
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz">
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz</a></li>
</ul>
Acme mini_httpd 1.16
<ul><li>
Acme mini_httpd-1.18.tar.gz
<a href="
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz">
http://www.acme.com/software/mini_httpd/mini_httpd-1.18.tar.gz</a></li>
</ul>
Acme thttpd 1.90 a
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 1.95
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.0
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.0.1
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.0.2
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.0.3
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.0.4
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.0.5
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.0.6
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.0.7
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.0.8
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.0.9
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.10
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.11
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.12
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.13
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.14
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.15
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.16
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.17
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz">
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz</a></li>
</ul>
Acme thttpd 2.18
<ul><li>
Acme thttpd-2.24.tar.gz
<a href="
http://www.acme.com/software/thttpd/thttpd-2.24.tar.gz"</Solutions> <Check scope="endpoint"> <NetworkService type="HTTP|HTTPS">
<Product name="thttpd">
<version> <range> <high>2.23</high> </range> </version>
</Product>
</NetworkService> </Check> </Vulnerability></Vulns>