Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:10784
Category:CGI abuses
Title:ht://Dig's htsearch potential exposure/dos

The remote CGI htsearch allows the user to supply his own
configuration file using the '-c' switch, as in :


This file is not displayed by htsearch. However, if an
attacker manages to upload a configuration file to the remote
server, it may make htsearch read arbitrary files on the remote host.

An attacker may also use this flaw to exhaust the resources on the
remote host by specifying /dev/zero as a configuration file.

Solution: Upgrade to ht://Dig 3.1.6 or newer

Risk factor : High

Cross-Ref: BugTraq ID: 3410
Common Vulnerability Exposure (CVE) ID: CVE-2001-0834
Bugtraq: 20011007 Re: Bug found in ht://Dig htsearch CGI (Google Search)
Caldera Security Advisory: CSSA-2001-035.0
Conectiva Linux advisory: CLA-2001:429
Debian Security Information: DSA-080 (Google Search)
SuSE Security Announcement: SuSE-SA:2001:035 (Google Search)
XForce ISS Database: htdig-htsearch-infinite-loop(7262)
XForce ISS Database: htdig-htsearch-retrieve-files(7263)
CopyrightCopyright (C) 2001 Renaud Deraison

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.