Bug 47792 - (CVE-2003-0899) VUL-0: CVE-2003-0899: thttpd arbitrary code execution / directory traversal
(CVE-2003-0899)
VUL-0: CVE-2003-0899: thttpd arbitrary code execution / directory traversal
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
All Linux
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
CVE-2003-0899: CVSS v2 Base Score: 7....
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-10-30 03:29 UTC by Dirk Mueller
Modified: 2021-09-30 15:05 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Mueller 2003-10-30 03:29:34 UTC
Two unpatched vulnerabilities exist in thttpd:  
 
http://marc.theaimsgroup.com/?l=thttpd&m=103609565110472&w=2 
http://marc.theaimsgroup.com/?l=thttpd&m=106736210902803&w=2 
 
the CVE's are CAN-2002-1562 and CAN-2003-0899 
 
both are fixed in the 2.24 release.
Comment 1 Thomas Biege 2003-10-30 15:27:07 UTC
update packages approved. 
Comment 2 Thomas Biege 2009-10-13 19:41:24 UTC
CVE-2003-0899: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)