thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sthttpd | Open_source_development_team | 2.26.3 | 2.26.3 |
Sthttpd | Open_source_development_team | 2.26 | 2.26 |
Sthttpd | Open_source_development_team | 2.26.1 | 2.26.1 |
Sthttpd | Open_source_development_team | 2.26.2 | 2.26.2 |
Sthttpd | Open_source_development_team | * | 2.26.4 |