Vulnerability Details : CVE-2003-0899
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2003-0899
- cpe:2.3:a:acme:thttpd:*:*:*:*:*:*:*:*
- cpe:2.3:a:acme:thttpd:2.23:-:*:*:*:*:*:*
- cpe:2.3:a:acme:thttpd:2.23:b1:*:*:*:*:*:*
Threat overview for CVE-2003-0899
- Top open port discovered on systems with this issue: 22
- IPs affected by CVE-2003-0899: 472
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2003-0899
- 19.30%: Probability of exploitation activity in the next 30 days
- ~96%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2003-0899
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-02-02 |
CWE ids for CVE-2003-0899
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
- The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. Assigned by: nvd@nist.gov (Primary)
References for CVE-2003-0899
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13530
  thttpd defang function buffer overflow CVE-2003-0899 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/8906
  (Broken Link; Exploit; Patch; Third Party Advisory; VDB Entry)
- http://www.osvdb.org/2729
  (Broken Link)
- http://marc.info/?l=bugtraq&m=106729188224252&w=2
  'Remote overflow in thttpd' - MARC (Exploit; Mailing List)
- http://secunia.com/advisories/10092
  (Broken Link; Patch; Vendor Advisory)
- http://www.texonet.com/advisories/TEXONET-20030908.txt
  (Broken Link)
- https://www.debian.org/security/2003/dsa-396
  Debian -- Security Information -- DSA-396-1 thttpd (Broken Link)