CVE-2001-0834

Severity

64%

Complexity

99%

Confidentiality

81%

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P).

Overview

First reported 23 years ago

2001-12-06 05:00:00

Last updated 7 years ago

2017-10-10 01:29:00

Affected Software

Conectiva Conectiva Linux 5.0

5.0

Conectiva Conectiva Linux 5.1

5.1

Conectiva Conectiva Linux 6.0

6.0

Conectiva Conectiva Linux 7.0

7.0

Debian Debian Linux 2.2

2.2

SuSE SuSE Linux 6.3

6.3

SuSE SuSE Linux 6.4

6.4

SuSE SuSE Linux 7.0

7.0

SuSE SuSE Linux 7.1

7.1

SuSE SuSE Linux 7.2

7.2

SuSE SuSE Linux 7.3

7.3

References

CLA-2001:429

Patch, Vendor Advisory

20011007 Re: Bug found in ht://Dig htsearch CGI

http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593

CSSA-2001-035.0

DSA-080