47792 – (CVE-2003-0899) VUL-0: CVE-2003-0899: thttpd arbitrary code execution / directory traversal

Bug 47792 (CVE-2003-0899) - VUL-0: CVE-2003-0899: thttpd arbitrary code execution / directory traversal

Summary: VUL-0: CVE-2003-0899: thttpd arbitrary code execution / directory traversal

Status:	RESOLVED FIXED

Alias:	CVE-2003-0899

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	All Linux

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVE-2003-0899: CVSS v2 Base Score: 7....
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2003-10-30 03:29 UTC by Dirk Mueller
Modified:	2021-09-30 15:05 UTC (History)
CC List:	0 users

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dirk Mueller 2003-10-30 03:29:34 UTC

Two unpatched vulnerabilities exist in thttpd:  
 
http://marc.theaimsgroup.com/?l=thttpd&m=103609565110472&w=2 
http://marc.theaimsgroup.com/?l=thttpd&m=106736210902803&w=2 
 
the CVE's are CAN-2002-1562 and CAN-2003-0899 
 
both are fixed in the 2.24 release.

Comment 1 Thomas Biege 2003-10-30 15:27:07 UTC

update packages approved.

Comment 2 Thomas Biege 2009-10-13 19:41:24 UTC

CVE-2003-0899: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)