MidnightBSD

Advisories for eterna

CVE-2010-2195 MEDIUM

bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows attackers to cause a denial of service via vectors related to a "wrong code generation interaction with GCC."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eterna bozohttpd 20100512
eterna bozohttpd 20100509
eterna bozohttpd 20090522
CVE-2010-2320 MEDIUM

bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
eterna bozohttpd 20031005
eterna bozohttpd 20000426
eterna bozohttpd 20030409
eterna bozohttpd 20100509
eterna bozohttpd 20040218
eterna bozohttpd 20040808
eterna bozohttpd 20050410
eterna bozohttpd 20060517
eterna bozohttpd 20100512
eterna bozohttpd 20000815
eterna bozohttpd 20010922
eterna bozohttpd 20020710
eterna bozohttpd 20020804
eterna bozohttpd 20010812
eterna bozohttpd 20030626
eterna bozohttpd 20020913
eterna bozohttpd 20080303
eterna bozohttpd 20090417
eterna bozohttpd 20020803
eterna bozohttpd *
eterna bozohttpd 20090522
eterna bozohttpd 20010610
eterna bozohttpd 20000427
eterna bozohttpd 20020730
eterna bozohttpd 20020823
eterna bozohttpd 20000421
eterna bozohttpd 20021106
eterna bozohttpd 20060710
eterna bozohttpd 19990519
eterna bozohttpd 20000825
eterna bozohttpd 20030313
CVE-2014-5015 MEDIUM

bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
eterna bozohttpd 20100617
eterna bozohttpd 20031005
eterna bozohttpd 20100621
eterna bozohttpd 20000426
eterna bozohttpd 20030409
eterna bozohttpd 20111118
eterna bozohttpd 20100509
netbsd netbsd 6.0
eterna bozohttpd 20140102
eterna bozohttpd 20040218
eterna bozohttpd 20040808
eterna bozohttpd 20050410
netbsd netbsd 6.1
eterna bozohttpd 20060517
eterna bozohttpd 20100512
eterna bozohttpd 20000815
eterna bozohttpd 20010922
eterna bozohttpd 20020710
eterna bozohttpd 20020804
eterna bozohttpd 20010812
eterna bozohttpd 20030626
eterna bozohttpd 20020913
eterna bozohttpd 20080303
eterna bozohttpd 20090417
eterna bozohttpd 20100920
eterna bozohttpd 20020803
eterna bozohttpd *
eterna bozohttpd 20090522
netbsd netbsd 5.1
eterna bozohttpd 20010610
eterna bozohttpd 20000427
eterna bozohttpd 20020730
eterna bozohttpd 20020823
eterna bozohttpd 20000421
netbsd netbsd 5.2
eterna bozohttpd 20021106
eterna bozohttpd 20060710
eterna bozohttpd 19990519
eterna bozohttpd 20000825
eterna bozohttpd 20030313
CVE-2021-29376 MEDIUM

ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
eterna ircii *
debian debian_linux 9.0