CVE-2014-5015
Published: 24 July 2014
bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
Priority
Status
Package | Release | Status |
---|---|---|
bozohttpd Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Ignored
(end of life)
|
|
trusty |
Released
(20111118-1+deb7u1build0.14.04.1)
|
|
upstream |
Released
(20140708)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|