{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-08T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "68752", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68752"}, {"name": "NetBSD-SA2014-007", "tags": ["vendor-advisory", "x_refsource_NETBSD"], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.eterna.com.au/bozohttpd/CHANGES"}, {"name": "109283", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/109283"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.eterna.com.au/bozohttpd/"}, {"name": "netbsd-cve20145015-info-disc(94751)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94751"}, {"name": "[oss-security] 20140718 Re: CVE Request: bozohttpd: basic http authentication bypass", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q3/180"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2014-5015", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "68752", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68752"}, {"name": "NetBSD-SA2014-007", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc"}, {"name": "http://www.eterna.com.au/bozohttpd/CHANGES", "refsource": "CONFIRM", "url": "http://www.eterna.com.au/bozohttpd/CHANGES"}, {"name": "109283", "refsource": "OSVDB", "url": "http://www.osvdb.org/109283"}, {"name": "http://www.eterna.com.au/bozohttpd/", "refsource": "CONFIRM", "url": "http://www.eterna.com.au/bozohttpd/"}, {"name": "netbsd-cve20145015-info-disc(94751)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94751"}, {"name": "[oss-security] 20140718 Re: CVE Request: bozohttpd: basic http authentication bypass", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q3/180"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:34:37.205Z"}, "title": "CVE Program Container", "references": [{"name": "68752", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68752"}, {"name": "NetBSD-SA2014-007", "tags": ["vendor-advisory", "x_refsource_NETBSD", "x_transferred"], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.eterna.com.au/bozohttpd/CHANGES"}, {"name": "109283", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/109283"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.eterna.com.au/bozohttpd/"}, {"name": "netbsd-cve20145015-info-disc(94751)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94751"}, {"name": "[oss-security] 20140718 Re: CVE Request: bozohttpd: basic http authentication bypass", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q3/180"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-5015", "datePublished": "2014-07-24T14:00:00.000Z", "dateReserved": "2014-07-18T00:00:00.000Z", "dateUpdated": "2024-08-06T11:34:37.205Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eterna:bozohttpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EF2AF0F-2373-43F6-8148-914EF4D178E5", "versionEndIncluding": "20140201", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:19990519:*:*:*:*:*:*:*", "matchCriteriaId": "A5BA38EE-559D-4341-8291-788C74EE4346", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20000421:*:*:*:*:*:*:*", "matchCriteriaId": "930F7A3F-A7C8-4603-A4E5-9AB3C27F7355", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20000426:*:*:*:*:*:*:*", "matchCriteriaId": "F0A6287D-F9C0-4934-84CA-22572806AE26", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20000427:*:*:*:*:*:*:*", "matchCriteriaId": "0A9C2032-F26A-4D5B-A631-4EA68ABD4FE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20000815:*:*:*:*:*:*:*", "matchCriteriaId": "860DBF31-9655-417A-B2C7-5F389B675FB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20000825:*:*:*:*:*:*:*", "matchCriteriaId": "E72B5243-904B-4E12-BD28-DDF03EEF6B45", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20010610:*:*:*:*:*:*:*", "matchCriteriaId": "7FC42DDE-41C9-4DAA-8EB5-CC5D5FFDCCC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20010812:*:*:*:*:*:*:*", "matchCriteriaId": "17457601-F61A-444D-8E33-0FE0ED723F61", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20010922:*:*:*:*:*:*:*", "matchCriteriaId": "20EAEC35-E205-4717-826D-F4D1FCA6DC6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20020710:*:*:*:*:*:*:*", "matchCriteriaId": "EA4A13CA-DCB0-4C1F-A3DA-27A36BC116B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20020730:*:*:*:*:*:*:*", "matchCriteriaId": "3D86758B-C34A-4689-9B3A-9CF614D2E4F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20020803:*:*:*:*:*:*:*", "matchCriteriaId": "732DBCCD-B38A-47B7-BD4B-4EE4CF370AF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20020804:*:*:*:*:*:*:*", "matchCriteriaId": "9FB916FC-4FB9-48EF-8D46-26C29D35DCD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20020823:*:*:*:*:*:*:*", "matchCriteriaId": "EAB26F26-3B1E-44BB-A8D1-FB823C2759B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20020913:*:*:*:*:*:*:*", "matchCriteriaId": "5D2148E4-FB12-4613-8F55-1AB364363BFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20021106:*:*:*:*:*:*:*", "matchCriteriaId": "C8EFEEB4-07C3-459F-A807-12A21AFD94F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20030313:*:*:*:*:*:*:*", "matchCriteriaId": "30FA69A8-657F-44A0-999D-89EA7E24072E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20030409:*:*:*:*:*:*:*", "matchCriteriaId": "B41528DD-A3C0-40D9-9DCC-4C7962337BAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20030626:*:*:*:*:*:*:*", "matchCriteriaId": "274EC529-8C50-44C3-96AE-9C636C9183B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20031005:*:*:*:*:*:*:*", "matchCriteriaId": "38A29464-13AF-474E-B0F6-BF65F44B3EE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20040218:*:*:*:*:*:*:*", "matchCriteriaId": "579B9F00-9093-4D4B-9F19-0FBDA141FD31", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20040808:*:*:*:*:*:*:*", "matchCriteriaId": "AB017665-6823-407E-AFF3-5A8C1848B3E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20050410:*:*:*:*:*:*:*", "matchCriteriaId": "13BE5871-6AB5-4A4B-BD7B-59D7D6161867", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20060517:*:*:*:*:*:*:*", "matchCriteriaId": "7E00FD78-FCBF-4D10-AC00-73B6838758B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20060710:*:*:*:*:*:*:*", "matchCriteriaId": "162B8DC7-76B5-45E3-8DF3-62C32AB0FB2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20080303:*:*:*:*:*:*:*", "matchCriteriaId": "C7BAA49A-41BA-436B-902C-FCDE8C156C2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20090417:*:*:*:*:*:*:*", "matchCriteriaId": "A8280988-55E3-4A94-93E3-1064A8B54C8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20090522:*:*:*:*:*:*:*", "matchCriteriaId": "A1668326-2B90-4D98-859C-CFDFD7811E13", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20100509:*:*:*:*:*:*:*", "matchCriteriaId": "620F61ED-B77F-48B7-93EA-7089A9C0BBE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20100512:*:*:*:*:*:*:*", "matchCriteriaId": "C4F081AF-5022-44B4-BBB7-108374DDFADB", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20100617:*:*:*:*:*:*:*", "matchCriteriaId": "68B361C0-AC14-4386-8AA1-94273A1B3FF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20100621:*:*:*:*:*:*:*", "matchCriteriaId": "ECE40B8D-B3EA-427A-8539-E9F502806279", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20100920:*:*:*:*:*:*:*", "matchCriteriaId": "3725C5D4-E464-4E64-BA2E-F6A60F5E4B9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20111118:*:*:*:*:*:*:*", "matchCriteriaId": "75CFA0D4-530C-4B15-B6D8-8D5E92E1A50F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eterna:bozohttpd:20140102:*:*:*:*:*:*:*", "matchCriteriaId": "7845A2CA-B83F-479A-B263-9824F13B21BC", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "730917F8-E1F4-4836-B05A-16B2BA5774DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3407906D-EF23-4812-A597-F0E863DE17B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C23BD3A0-E5AD-4893-AAAF-E2858B4128CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "69CAE756-335E-4E02-83F9-B274D416775C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path."}, {"lang": "es", "value": "El servidor HTTP bozotic (tambi\u00e9n conocido como bozohttpd) anterior a 20140708, utilizado en NetBSD, trunca las rutas cuando compruebe las restricciones .htpasswd, lo que permite a atacantes remotos evadir la esquema de la autenticaci\u00f3n HTTP y acceder a las restricciones a trav\u00e9s de una ruta larga."}], "id": "CVE-2014-5015", "lastModified": "2026-05-06T22:30:45.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-24T14:55:09.583", "references": [{"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc"}, {"source": "security@debian.org", "url": "http://seclists.org/oss-sec/2014/q3/180"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "http://www.eterna.com.au/bozohttpd/"}, {"source": "security@debian.org", "url": "http://www.eterna.com.au/bozohttpd/CHANGES"}, {"source": "security@debian.org", "url": "http://www.osvdb.org/109283"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/68752"}, {"source": "security@debian.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94751"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q3/180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.eterna.com.au/bozohttpd/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.eterna.com.au/bozohttpd/CHANGES"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/109283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68752"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94751"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}