CVE-2014-5015
Published Jul 24, 2014
Last updated 7 years ago
Overview
- Description
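- bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path. The CPE configuration below enumerates bozohttpd releases only up to 20140201 (inclusive), plus NetBSD 5.1 through 6.1, so when triaging an inventory, treat any bozohttpd build older than 20140708 as affected rather than relying on an exact match against the listed versions.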
- Source
- security@debian.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-264 (Permissions, Privileges, and Access Controls)
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:eterna:bozohttpd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EF2AF0F-2373-43F6-8148-914EF4D178E5", "versionEndIncluding": "20140201" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:19990519:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5BA38EE-559D-4341-8291-788C74EE4346" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20000421:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "930F7A3F-A7C8-4603-A4E5-9AB3C27F7355" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20000426:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0A6287D-F9C0-4934-84CA-22572806AE26" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20000427:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A9C2032-F26A-4D5B-A631-4EA68ABD4FE1" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20000815:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "860DBF31-9655-417A-B2C7-5F389B675FB6" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20000825:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E72B5243-904B-4E12-BD28-DDF03EEF6B45" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20010610:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FC42DDE-41C9-4DAA-8EB5-CC5D5FFDCCC9" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20010812:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17457601-F61A-444D-8E33-0FE0ED723F61" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20010922:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20EAEC35-E205-4717-826D-F4D1FCA6DC6C" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20020710:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA4A13CA-DCB0-4C1F-A3DA-27A36BC116B8" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20020730:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D86758B-C34A-4689-9B3A-9CF614D2E4F9" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20020803:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "732DBCCD-B38A-47B7-BD4B-4EE4CF370AF2" }, 
{ "criteria": "cpe:2.3:a:eterna:bozohttpd:20020804:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FB916FC-4FB9-48EF-8D46-26C29D35DCD0" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20020823:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAB26F26-3B1E-44BB-A8D1-FB823C2759B7" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20020913:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D2148E4-FB12-4613-8F55-1AB364363BFB" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20021106:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8EFEEB4-07C3-459F-A807-12A21AFD94F9" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20030313:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30FA69A8-657F-44A0-999D-89EA7E24072E" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20030409:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B41528DD-A3C0-40D9-9DCC-4C7962337BAA" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20030626:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "274EC529-8C50-44C3-96AE-9C636C9183B5" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20031005:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38A29464-13AF-474E-B0F6-BF65F44B3EE6" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20040218:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "579B9F00-9093-4D4B-9F19-0FBDA141FD31" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20040808:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB017665-6823-407E-AFF3-5A8C1848B3E6" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20050410:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13BE5871-6AB5-4A4B-BD7B-59D7D6161867" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20060517:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E00FD78-FCBF-4D10-AC00-73B6838758B0" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20060710:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "162B8DC7-76B5-45E3-8DF3-62C32AB0FB2B" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20080303:*:*:*:*:*:*:*", 
"vulnerable": true, "matchCriteriaId": "C7BAA49A-41BA-436B-902C-FCDE8C156C2E" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20090417:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8280988-55E3-4A94-93E3-1064A8B54C8E" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20090522:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1668326-2B90-4D98-859C-CFDFD7811E13" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20100509:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "620F61ED-B77F-48B7-93EA-7089A9C0BBE9" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20100512:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4F081AF-5022-44B4-BBB7-108374DDFADB" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20100617:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68B361C0-AC14-4386-8AA1-94273A1B3FF1" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20100621:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECE40B8D-B3EA-427A-8539-E9F502806279" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20100920:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3725C5D4-E464-4E64-BA2E-F6A60F5E4B9C" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20111118:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75CFA0D4-530C-4B15-B6D8-8D5E92E1A50F" }, { "criteria": "cpe:2.3:a:eterna:bozohttpd:20140102:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7845A2CA-B83F-479A-B263-9824F13B21BC" }, { "criteria": "cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "730917F8-E1F4-4836-B05A-16B2BA5774DC" }, { "criteria": "cpe:2.3:o:netbsd:netbsd:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3407906D-EF23-4812-A597-F0E863DE17B6" }, { "criteria": "cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C23BD3A0-E5AD-4893-AAAF-E2858B4128CF" }, { "criteria": "cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69CAE756-335E-4E02-83F9-B274D416775C" } ], "operator": "OR" } ] } ]