bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bozohttpd | Eterna | * | 20140201 (including) |
| Bozohttpd | Eterna | 19990519 (including) | 19990519 (including) |
| Bozohttpd | Eterna | 20000421 (including) | 20000421 (including) |
| Bozohttpd | Eterna | 20000426 (including) | 20000426 (including) |
| Bozohttpd | Eterna | 20000427 (including) | 20000427 (including) |
| Bozohttpd | Eterna | 20000815 (including) | 20000815 (including) |
| Bozohttpd | Eterna | 20000825 (including) | 20000825 (including) |
| Bozohttpd | Eterna | 20010610 (including) | 20010610 (including) |
| Bozohttpd | Eterna | 20010812 (including) | 20010812 (including) |
| Bozohttpd | Eterna | 20010922 (including) | 20010922 (including) |
| Bozohttpd | Eterna | 20020710 (including) | 20020710 (including) |
| Bozohttpd | Eterna | 20020730 (including) | 20020730 (including) |
| Bozohttpd | Eterna | 20020803 (including) | 20020803 (including) |
| Bozohttpd | Eterna | 20020804 (including) | 20020804 (including) |
| Bozohttpd | Eterna | 20020823 (including) | 20020823 (including) |
| Bozohttpd | Eterna | 20020913 (including) | 20020913 (including) |
| Bozohttpd | Eterna | 20021106 (including) | 20021106 (including) |
| Bozohttpd | Eterna | 20030313 (including) | 20030313 (including) |
| Bozohttpd | Eterna | 20030409 (including) | 20030409 (including) |
| Bozohttpd | Eterna | 20030626 (including) | 20030626 (including) |
| Bozohttpd | Eterna | 20031005 (including) | 20031005 (including) |
| Bozohttpd | Eterna | 20040218 (including) | 20040218 (including) |
| Bozohttpd | Eterna | 20040808 (including) | 20040808 (including) |
| Bozohttpd | Eterna | 20050410 (including) | 20050410 (including) |
| Bozohttpd | Eterna | 20060517 (including) | 20060517 (including) |
| Bozohttpd | Eterna | 20060710 (including) | 20060710 (including) |
| Bozohttpd | Eterna | 20080303 (including) | 20080303 (including) |
| Bozohttpd | Eterna | 20090417 (including) | 20090417 (including) |
| Bozohttpd | Eterna | 20090522 (including) | 20090522 (including) |
| Bozohttpd | Eterna | 20100509 (including) | 20100509 (including) |
| Bozohttpd | Eterna | 20100512 (including) | 20100512 (including) |
| Bozohttpd | Eterna | 20100617 (including) | 20100617 (including) |
| Bozohttpd | Eterna | 20100621 (including) | 20100621 (including) |
| Bozohttpd | Eterna | 20100920 (including) | 20100920 (including) |
| Bozohttpd | Eterna | 20111118 (including) | 20111118 (including) |
| Bozohttpd | Eterna | 20140102 (including) | 20140102 (including) |
| Netbsd | Netbsd | 5.1 (including) | 5.1 (including) |
| Netbsd | Netbsd | 5.2 (including) | 5.2 (including) |
| Netbsd | Netbsd | 6.0 (including) | 6.0 (including) |
| Netbsd | Netbsd | 6.1 (including) | 6.1 (including) |
| Bozohttpd | Ubuntu | lucid | * |
| Bozohttpd | Ubuntu | precise | * |
| Bozohttpd | Ubuntu | trusty | * |
| Bozohttpd | Ubuntu | upstream | * |
| Bozohttpd | Ubuntu | utopic | * |