CVE-2014-5015

Publication date 24 July 2014

Last updated 24 July 2024

Ubuntu priority

Description

bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
bozohttpd	17.04 zesty	Not in release
	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	15.04 vivid	Not in release
	14.10 utopic	Ignored end of life
	14.04 LTS trusty	Fixed 20111118-1+deb7u1build0.14.04.1
	12.04 LTS precise	Ignored end of life
	10.04 LTS lucid	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://marc.info/?l=oss-security&m=140572157701095&w=2
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc
http://www.eterna.com.au/bozohttpd/
https://www.cve.org/CVERecord?id=CVE-2014-5015