Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-2320

bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences.

Published

2010-08-02T20:40:01.060

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	eterna	bozohttpd	≤ 20100617	Yes
Application	eterna	bozohttpd	19990519	Yes
Application	eterna	bozohttpd	20000421	Yes
Application	eterna	bozohttpd	20000426	Yes
Application	eterna	bozohttpd	20000427	Yes
Application	eterna	bozohttpd	20000815	Yes
Application	eterna	bozohttpd	20000825	Yes
Application	eterna	bozohttpd	20010610	Yes
Application	eterna	bozohttpd	20010812	Yes
Application	eterna	bozohttpd	20010922	Yes
Application	eterna	bozohttpd	20020710	Yes
Application	eterna	bozohttpd	20020730	Yes
Application	eterna	bozohttpd	20020803	Yes
Application	eterna	bozohttpd	20020804	Yes
Application	eterna	bozohttpd	20020823	Yes
Application	eterna	bozohttpd	20020913	Yes
Application	eterna	bozohttpd	20021106	Yes
Application	eterna	bozohttpd	20030313	Yes
Application	eterna	bozohttpd	20030409	Yes
Application	eterna	bozohttpd	20030626	Yes
Application	eterna	bozohttpd	20031005	Yes
Application	eterna	bozohttpd	20040218	Yes
Application	eterna	bozohttpd	20040808	Yes
Application	eterna	bozohttpd	20050410	Yes
Application	eterna	bozohttpd	20060517	Yes
Application	eterna	bozohttpd	20060710	Yes
Application	eterna	bozohttpd	20080303	Yes
Application	eterna	bozohttpd	20090417	Yes
Application	eterna	bozohttpd	20090522	Yes
Application	eterna	bozohttpd	20100509	Yes
Application	eterna	bozohttpd	20100512	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298 Exploit ([email protected])
http://secunia.com/advisories/40737 Vendor Advisory ([email protected])
http://security-tracker.debian.org/tracker/CVE-2010-2320 ([email protected])
http://www.eterna.com.au/bozohttpd/CHANGES ([email protected])
https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473 Exploit ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/60812 ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/40737 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security-tracker.debian.org/tracker/CVE-2010-2320 (af854a3a-2127-422b-91ae-364da2661108)
http://www.eterna.com.au/bozohttpd/CHANGES (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473 Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60812 (af854a3a-2127-422b-91ae-364da2661108)