Vulnerability Details CVE-2003-0899
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.292
EPSS Ranking 96.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=106729188224252&w=2
- http://secunia.com/advisories/10092
- http://www.osvdb.org/2729
- http://www.securityfocus.com/bid/8906
- http://www.texonet.com/advisories/TEXONET-20030908.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13530
- https://www.debian.org/security/2003/dsa-396
- http://marc.info/?l=bugtraq&m=106729188224252&w=2
- http://secunia.com/advisories/10092
- http://www.osvdb.org/2729
- http://www.securityfocus.com/bid/8906
- http://www.texonet.com/advisories/TEXONET-20030908.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13530
- https://www.debian.org/security/2003/dsa-396