CVE-2003-0899

CVSS V2 High 7.5 CVSS V3 None
Description
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.
Overview
  • CVE ID
  • CVE-2003-0899
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2003-11-03T05:00:00
  • Last Modified Date
  • 2017-07-11T01:29:38
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:acme_labs:thttpd:2.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:acme_labs:thttpd:2.21b:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:acme_labs:thttpd:2.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:acme_labs:thttpd:2.23b1:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://www.securityfocus.com/bid/8906 Exploit Patch
http://www.texonet.com/advisories/TEXONET-20030908.txt
http://www.osvdb.org/2729
http://secunia.com/advisories/10092 Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=106729188224252&w=2
https://www.debian.org/security/2003/dsa-396
https://exchange.xforce.ibmcloud.com/vulnerabilities/13530
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2003-0899
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0899
History
Created Old Value New Value Data Type Notes
2022-05-10 09:37:03 Added to TrackCVE