Back to search
CVE-2001-0834
Published: Mar 9, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-080
vendor-advisory
x_refsource_DEBIAN
CSSA-2001-035.0
vendor-advisory
x_refsource_CALDERA
CLA-2001:429
vendor-advisory
x_refsource_CONECTIVA
3410
vdb-entry
x_refsource_BID
SuSE-SA:2001:035
vendor-advisory
x_refsource_SUSE
htdig-htsearch-retrieve-files(7263)
vdb-entry
x_refsource_XF
20011007 Re: Bug found in ht://Dig htsearch CGI
mailing-list
x_refsource_BUGTRAQ
MDKSA-2001:083
vendor-advisory
x_refsource_MANDRAKE
htdig-htsearch-infinite-loop(7262)
vdb-entry
x_refsource_XF
RHSA-2001:139
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now