Home/Product/acme labs thttpd
Product

acme labs thttpd

20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2007-0158
all versions
thttpd 2007 has buffer underflow.
9.8CRITICAL
 CVE-2012-5640
all versions
thttpd has a local DoS vulnerability via specially-crafted .htpasswd files
5.5MEDIUM
 CVE-2017-17663
< 2.28
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exp
9.8CRITICAL
 CVE-2013-0348
all versions
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local u
 CVE-2009-4491
all versions
thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify
9.8CRITICAL
 CVE-2007-0664
<= 2.24
thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, whic
 CVE-2006-4248
all versions
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink
 CVE-2006-1079
all versions
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via
 CVE-2006-1078
all versions
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local
8.4HIGH
 CVE-2005-3124
all versions
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.
 CVE-2004-2628
all versions
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbi
 CVE-2003-0899
>= 2.21 and < 2.23
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests t
9.8CRITICAL
 CVE-2002-1562
all versions
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (d
 CVE-2002-0733
all versions
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a n
 CVE-2001-1496
>= 1.95 and <= 2.20
Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial
9.8CRITICAL
 CVE-2001-0892
<= 2.22
Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under th
 CVE-2000-0900
all versions
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files vi
 CVE-2000-0359
all versions
Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a
 CVE-1999-1456
<= 2.03
thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading /
 CVE-1999-1457
<= 2.04
Buffer overflow in thttpd HTTP server before 2.04-31 allows remote attackers to execute arbitrary commands via a long date string,
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin