CVE-2010-2320

bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298	Exploit
http://security-tracker.debian.org/tracker/CVE-2010-2320
https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473	Exploit
http://www.eterna.com.au/bozohttpd/CHANGES
http://secunia.com/advisories/40737	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/60812

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:eterna:bozohttpd:20100512:::::::*
	cpe:2.3:a:eterna:bozohttpd:20090522:::::::*
	cpe:2.3:a:eterna:bozohttpd:20040218:::::::*
	cpe:2.3:a:eterna:bozohttpd:20060517:::::::*
	cpe:2.3:a:eterna:bozohttpd:20020730:::::::*
	cpe:2.3:a:eterna:bozohttpd:20090417:::::::*
	cpe:2.3:a:eterna:bozohttpd:20000427:::::::*
	cpe:2.3:a:eterna:bozohttpd:20000815:::::::*
	cpe:2.3:a:eterna:bozohttpd:20030313:::::::*
	cpe:2.3:a:eterna:bozohttpd:20031005:::::::*
	cpe:2.3:a:eterna:bozohttpd:20080303:::::::*
	cpe:2.3:a:eterna:bozohttpd:20000421:::::::*
	cpe:2.3:a:eterna:bozohttpd:20000825:::::::*
	cpe:2.3:a:eterna:bozohttpd:20021106:::::::*
	cpe:2.3:a:eterna:bozohttpd:20060710:::::::*
	cpe:2.3:a:eterna:bozohttpd:20020803:::::::*
	cpe:2.3:a:eterna:bozohttpd:20020804:::::::*
	cpe:2.3:a:eterna:bozohttpd:20050410:::::::*
	cpe:2.3:a:eterna:bozohttpd:20040808:::::::*
	cpe:2.3:a:eterna:bozohttpd:20030626:::::::*
	cpe:2.3:a:eterna:bozohttpd:20030409:::::::*
	cpe:2.3:a:eterna:bozohttpd:20100509:::::::*
	cpe:2.3:a:eterna:bozohttpd:20010922:::::::*
	cpe:2.3:a:eterna:bozohttpd:20020710:::::::*
	cpe:2.3:a:eterna:bozohttpd:20000426:::::::*
	cpe:2.3:a:eterna:bozohttpd:20010812:::::::*
	cpe:2.3:a:eterna:bozohttpd:20020913:::::::*
	cpe:2.3:a:eterna:bozohttpd::::::::
	cpe:2.3:a:eterna:bozohttpd:19990519:::::::*
	cpe:2.3:a:eterna:bozohttpd:20010610:::::::*
	cpe:2.3:a:eterna:bozohttpd:20020823:::::::*

Information

Published : 2010-08-02 13:40

Updated : 2017-08-16 18:32

NVD link : CVE-2010-2320

Mitre link : CVE-2010-2320

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

eterna

bozohttpd

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298", "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298", "tags": ["Exploit"], "refsource": "CONFIRM"}, {"url": "http://security-tracker.debian.org/tracker/CVE-2010-2320", "name": "http://security-tracker.debian.org/tracker/CVE-2010-2320", "tags": [], "refsource": "CONFIRM"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473", "name": "https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473", "tags": ["Exploit"], "refsource": "CONFIRM"}, {"url": "http://www.eterna.com.au/bozohttpd/CHANGES", "name": "http://www.eterna.com.au/bozohttpd/CHANGES", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/40737", "name": "40737", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60812", "name": "bozohttp-publichtml-info-disclosure(60812)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2320", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-08-02T20:40Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20100512:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20090522:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20040218:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20060517:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20020730:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20090417:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20000427:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20000815:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20030313:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20031005:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20080303:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20000421:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20000825:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20021106:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20060710:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20020803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20020804:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20050410:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20040808:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20030626:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20030409:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20100509:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20010922:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20020710:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20000426:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20010812:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20020913:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "20100617"}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:19990519:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20010610:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eterna:bozohttpd:20020823:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:32Z"}

5.0 /10