bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: debian
Published: 2014-07-24T14:00:00
Updated: 2024-08-06T11:34:37.205Z
Reserved: 2014-07-18T00:00:00
Link: CVE-2014-5015
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-07-24T14:55:09.583
Modified: 2024-11-21T02:11:17.127
Link: CVE-2014-5015
Redhat
No data.