CVE Vulnerabilities

CVE-2001-0834

Published: Dec 06, 2001 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

Affected Software

Name Vendor Start Version End Version
Htdig Htdig * 3.1.5
Linux Conectiva 5.0 5.0
Linux Conectiva 5.1 5.1
Linux Conectiva 6.0 6.0
Linux Conectiva 7.0 7.0

References