Vulnerability Name:

CVE-2001-0834 (CCN-7262)

Assigned:2001-10-09
Published:2001-10-09
Updated:2017-10-10
Summary:htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2001-035.0
Linux - Remote File View Problem in htdig

Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:429
ht://Dig DoS and remote exposure

Source: MITRE
Type: CNA
CVE-2001-0834

Source: CONECTIVA
Type: Patch, Vendor Advisory
CLA-2001:429

Source: BUGTRAQ
Type: UNKNOWN
20011007 Re: Bug found in ht://Dig htsearch CGI

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBTL0205-041
Security vulnerability in htdig

Source: CCN
Type: RHSA-2001-139
Updated htdig packages are available

Source: MISC
Type: UNKNOWN
http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593

Source: CALDERA
Type: UNKNOWN
CSSA-2001-035.0

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-080

Source: DEBIAN
Type: DSA-080
htdig -- unauthorized gathering of data

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2001:083

Source: SUSE
Type: UNKNOWN
SuSE-SA:2001:035

Source: REDHAT
Type: UNKNOWN
RHSA-2001:139

Source: BID
Type: UNKNOWN
3410

Source: CCN
Type: BID-3410
ht://Dig Remote Denial of Service/File Disclosure Vulnerability

Source: XF
Type: UNKNOWN
htdig-htsearch-infinite-loop(7262)

Source: XF
Type: UNKNOWN
htdig-htsearch-infinite-loop(7262)

Source: XF
Type: UNKNOWN
htdig-htsearch-retrieve-files(7263)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:htdig:htdig:*:*:*:*:*:*:*:* (Version <= 3.1.5)
  • OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:secure_os:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2001-0834 (CCN-7263)

    Assigned:2001-10-09
    Published:2001-10-09
    Updated:2017-10-10
    Summary:htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
    CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): High
    Integrity (I): None
    Availibility (A): None
    CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availibility (A): Partial
    7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): None
    Availibility (A): None
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Obtain Information
    References:Source: CCN
    Type: Caldera International, Inc. Security Advisory CSSA-2001-035.0
    Linux - Remote File View Problem in htdig

    Source: CCN
    Type: Conectiva Linux Announcement CLSA-2001:429
    ht://Dig DoS and remote exposure

    Source: MITRE
    Type: CNA
    CVE-2001-0834

    Source: CCN
    Type: Hewlett-Packard Company Security Bulletin HPSBTL0205-041
    Security vulnerability in htdig

    Source: CCN
    Type: RHSA-2001-139
    Updated htdig packages are available

    Source: DEBIAN
    Type: DSA-080
    htdig -- unauthorized gathering of data

    Source: CCN
    Type: BID-3410
    ht://Dig Remote Denial of Service/File Disclosure Vulnerability

    Source: CCN
    Type: SuSE Security Announcement SuSE-SA:2001:035
    htdig

    Source: XF
    Type: UNKNOWN
    htdig-htsearch-retrieve-files(7263)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:secure_os:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:80
    V
    		unauthorized gathering of data
    2001-10-17
    BACK
    htdig htdig *
    conectiva linux 5.0
    conectiva linux 5.1
    conectiva linux 6.0
    conectiva linux 7.0
    debian debian linux 2.2
    suse suse linux 6.3
    suse suse linux 6.4
    suse suse linux 7.0
    suse suse linux 7.1
    suse suse linux 7.2
    suse suse linux 7.3
    debian debian linux 2.2
    redhat linux 7
    conectiva linux 6.0
    redhat linux 7.1
    conectiva linux 5.0
    conectiva linux 5.1
    conectiva linux 7.0
    redhat linux 7.2
    hp secure os 1.0
    redhat linux 7.3
    suse suse linux 6.3
    suse suse linux 6.4
    debian debian linux 2.2
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    suse suse linux 7.0
    conectiva linux 6.0
    suse suse linux 7.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    conectiva linux 5.0
    conectiva linux 5.1
    suse suse linux 7.2
    conectiva linux 7.0
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    hp secure os 1.0
    suse suse linux 7.3
    redhat linux 7.3