HTTP Authentication Bypass in BozoHTTPD on NetBSD
CVE-2014-5015

Currently unrated

Key Information:

Vendor: Netbsd
Status: Netbsd; Bozohttpd
Vendor: CVE Published:; 24 July 2014

What is CVE-2014-5015?

BozoHTTPD, a lightweight HTTP server used in NetBSD, contains a vulnerability that allows attackers to bypass authentication restrictions. This occurs due to a flaw in the path checking mechanism associated with .htpasswd files, which leads to improper handling of long paths. Attackers can exploit this issue to gain unauthorized access to protected resources, compromising the security of the affected servers.

References

http://www.securityfocus.com/bid/68752

vdb-entryx_refsource_BID

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBS...

vendor-advisoryx_refsource_NETBSD

http://www.eterna.com.au/bozohttpd/CHANGES

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2014
Vulnerability Reserved
Jul 18, 2014

CVE-2014-5015 Data

JSON

Netbsd

What is CVE-2014-5015?

References

Timeline