MidnightBSD

Advisories for htdig

CVE-2000-0208 MEDIUM

The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
htdig htdig 3.1.4
htdig htdig 3.2.0b1
htdig htdig 3.1.2
htdig htdig 3.1.3
htdig htdig 3.1.1
CVE-2001-0834 MEDIUM

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
conectiva linux 5.1
htdig htdig *
conectiva linux 5.0
debian debian_linux 2.2
suse suse_linux 7.3
suse suse_linux 7.0
conectiva linux 6.0
suse suse_linux 6.3
conectiva linux 7.0
suse suse_linux 7.1
suse suse_linux 7.2
suse suse_linux 6.4
CVE-2002-2010 MEDIUM

Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
htdig htdig 3.1.5
htdig htdig 3.1.6
htdig htdig 3.2.0b3
htdig htdig 3.2.0
CVE-2005-0085 MEDIUM

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 8.0
htdig htdig 3.1.5
htdig htdig 3.2.0b5
htdig htdig 3.2.0b3
mandrakesoft mandrake_linux_corporate_server 2.1
htdig htdig 3.1.5_8
htdig htdig 3.2.0b2
htdig htdig 3.2.0b4
mandrakesoft mandrake_linux 10.1
redhat fedora_core core_3.0
htdig htdig 3.2.0b6
htdig htdig 3.1.6
mandrakesoft mandrake_linux_corporate_server 3.0
suse suse_linux 9.1
mandrakesoft mandrake_linux 10.0
htdig htdig 3.2.0
suse suse_linux 8.1
suse suse_linux 9.2
suse suse_linux 8.2
suse suse_linux 9.0
htdig htdig 3.1.5_7