CGI Handling Flaw in NetBSD Affecting Multiple Versions
CVE-2015-8212

9.8CRITICAL

Key Information:

Vendor: Netbsd
Status: Netbsd
Vendor: CVE Published:; 19 January 2017

What is CVE-2015-8212?

A CGI handling flaw exists in the bozohttpd server included in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0. This vulnerability can allow remote attackers to execute arbitrary code by sending crafted arguments that are processed by an unaware program, posing significant security risks to affected installations.

References

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetB...

vendor-advisoryx_refsource_NETBSD

http://www.securitytracker.com/id/1035673

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 19, 2017
Vulnerability Reserved
Nov 14, 2015

CVE-2015-8212 Data

JSON

Netbsd

What is CVE-2015-8212?

References

CVSS V3.1

Timeline