Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2010-2320

Published: Aug 02, 2010 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2010-2320
CWEhttps://cwe.mitre.org/data/definitions/264.html

bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences.

Affected Software

Name Vendor Start Version End Version
Bozohttpd Eterna * 20100617 (including)
Bozohttpd Eterna 19990519 (including) 19990519 (including)
Bozohttpd Eterna 20000421 (including) 20000421 (including)
Bozohttpd Eterna 20000426 (including) 20000426 (including)
Bozohttpd Eterna 20000427 (including) 20000427 (including)
Bozohttpd Eterna 20000815 (including) 20000815 (including)
Bozohttpd Eterna 20000825 (including) 20000825 (including)
Bozohttpd Eterna 20010610 (including) 20010610 (including)
Bozohttpd Eterna 20010812 (including) 20010812 (including)
Bozohttpd Eterna 20010922 (including) 20010922 (including)
Bozohttpd Eterna 20020710 (including) 20020710 (including)
Bozohttpd Eterna 20020730 (including) 20020730 (including)
Bozohttpd Eterna 20020803 (including) 20020803 (including)
Bozohttpd Eterna 20020804 (including) 20020804 (including)
Bozohttpd Eterna 20020823 (including) 20020823 (including)
Bozohttpd Eterna 20020913 (including) 20020913 (including)
Bozohttpd Eterna 20021106 (including) 20021106 (including)
Bozohttpd Eterna 20030313 (including) 20030313 (including)
Bozohttpd Eterna 20030409 (including) 20030409 (including)
Bozohttpd Eterna 20030626 (including) 20030626 (including)
Bozohttpd Eterna 20031005 (including) 20031005 (including)
Bozohttpd Eterna 20040218 (including) 20040218 (including)
Bozohttpd Eterna 20040808 (including) 20040808 (including)
Bozohttpd Eterna 20050410 (including) 20050410 (including)
Bozohttpd Eterna 20060517 (including) 20060517 (including)
Bozohttpd Eterna 20060710 (including) 20060710 (including)
Bozohttpd Eterna 20080303 (including) 20080303 (including)
Bozohttpd Eterna 20090417 (including) 20090417 (including)
Bozohttpd Eterna 20090522 (including) 20090522 (including)
Bozohttpd Eterna 20100509 (including) 20100509 (including)
Bozohttpd Eterna 20100512 (including) 20100512 (including)
Bozohttpd Ubuntu dapper *
Bozohttpd Ubuntu hardy *
Bozohttpd Ubuntu jaunty *
Bozohttpd Ubuntu karmic *
Bozohttpd Ubuntu lucid *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use