Bug 47792 (CVE-2003-0899)

Summary:	VUL-0: CVE-2003-0899: thttpd arbitrary code execution / directory traversal
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Dirk Mueller <dmueller>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium
Version:	unspecified
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:	CVE-2003-0899: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Dirk Mueller 2003-10-30 03:29:34 UTC

Two unpatched vulnerabilities exist in thttpd:  
 
http://marc.theaimsgroup.com/?l=thttpd&m=103609565110472&w=2 
http://marc.theaimsgroup.com/?l=thttpd&m=106736210902803&w=2 
 
the CVE's are CAN-2002-1562 and CAN-2003-0899 
 
both are fixed in the 2.24 release.

Comment 1 Thomas Biege 2003-10-30 15:27:07 UTC

update packages approved.

Comment 2 Thomas Biege 2009-10-13 19:41:24 UTC

CVE-2003-0899: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)