thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sthttpd | Open_source_development_team | * | 2.26.4 (including) |
Sthttpd | Open_source_development_team | 2.26 (including) | 2.26 (including) |
Sthttpd | Open_source_development_team | 2.26.1 (including) | 2.26.1 (including) |
Sthttpd | Open_source_development_team | 2.26.2 (including) | 2.26.2 (including) |
Sthttpd | Open_source_development_team | 2.26.3 (including) | 2.26.3 (including) |