CVE-2001-0834

by Fred · 09/03/2002

htsearch CGI program in htdig () 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

Date published : 2002-03-09

http://www.securityfocus.com/bid/3410

http://marc.info/?l=bugtraq&m=100260195401753&w=2

CVE-2001-0834

Similar

Recent Posts

Categories

CVE-2001-0834

Share this:

Similar

Recent Posts

Categories

Tags