CVE-2001-0834

NONE EPSS 83.7%
Published Dec 6, 2001 24y ago
Last Modified Jun 16, 2026 2w ago

Description

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

Threat Intelligence

EPSS Exploit Probability
83.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 12

Vendor      Product        Version   Range
htdig       htdig          *         ≤3.1.5
conectiva   linux          5.0       any
conectiva   linux          5.1       any
conectiva   linux          6.0       any
conectiva   linux          7.0       any
debian      debian_linux   2.2       any
suse        suse_linux     6.3       any
suse        suse_linux     6.4       any
suse        suse_linux     7.0       any
suse        suse_linux     7.1       any
suse        suse_linux     7.2       any
suse        suse_linux     7.3       any

References 11

Remediation

  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429
    Patch, Vendor Advisory
  • debian.org http://www.debian.org/security/2001/dsa-080
    Patch, Vendor Advisory