bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: debian

Published: 2014-07-24T14:00:00

Updated: 2024-08-06T11:34:37.205Z

Reserved: 2014-07-18T00:00:00

Link: CVE-2014-5015

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-07-24T14:55:09.583

Modified: 2024-11-21T02:11:17.127

Link: CVE-2014-5015

cve-icon Redhat

No data.