CVE-2010-2320
Summary
| CVE | CVE-2010-2320 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-08-02 20:40:00 UTC |
| Updated | 2017-08-17 01:32:00 UTC |
| Description | bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eterna | Bozohttpd | 19990519 | All | All | All |
| Application | Eterna | Bozohttpd | 20000421 | All | All | All |
| Application | Eterna | Bozohttpd | 20000426 | All | All | All |
| Application | Eterna | Bozohttpd | 20000427 | All | All | All |
| Application | Eterna | Bozohttpd | 20000815 | All | All | All |
| Application | Eterna | Bozohttpd | 20000825 | All | All | All |
| Application | Eterna | Bozohttpd | 20010610 | All | All | All |
| Application | Eterna | Bozohttpd | 20010812 | All | All | All |
| Application | Eterna | Bozohttpd | 20010922 | All | All | All |
| Application | Eterna | Bozohttpd | 20020710 | All | All | All |
| Application | Eterna | Bozohttpd | 20020730 | All | All | All |
| Application | Eterna | Bozohttpd | 20020803 | All | All | All |
| Application | Eterna | Bozohttpd | 20020804 | All | All | All |
| Application | Eterna | Bozohttpd | 20020823 | All | All | All |
| Application | Eterna | Bozohttpd | 20020913 | All | All | All |
| Application | Eterna | Bozohttpd | 20021106 | All | All | All |
| Application | Eterna | Bozohttpd | 20030313 | All | All | All |
| Application | Eterna | Bozohttpd | 20030409 | All | All | All |
| Application | Eterna | Bozohttpd | 20030626 | All | All | All |
| Application | Eterna | Bozohttpd | 20031005 | All | All | All |
| Application | Eterna | Bozohttpd | 20040218 | All | All | All |
| Application | Eterna | Bozohttpd | 20040808 | All | All | All |
| Application | Eterna | Bozohttpd | 20050410 | All | All | All |
| Application | Eterna | Bozohttpd | 20060517 | All | All | All |
| Application | Eterna | Bozohttpd | 20060710 | All | All | All |
| Application | Eterna | Bozohttpd | 20080303 | All | All | All |
| Application | Eterna | Bozohttpd | 20090417 | All | All | All |
| Application | Eterna | Bozohttpd | 20090522 | All | All | All |
| Application | Eterna | Bozohttpd | 20100509 | All | All | All |
| Application | Eterna | Bozohttpd | 20100512 | All | All | All |
| Application | Eterna | Bozohttpd | 19990519 | All | All | All |
| Application | Eterna | Bozohttpd | 20000421 | All | All | All |
| Application | Eterna | Bozohttpd | 20000426 | All | All | All |
| Application | Eterna | Bozohttpd | 20000427 | All | All | All |
| Application | Eterna | Bozohttpd | 20000815 | All | All | All |
| Application | Eterna | Bozohttpd | 20000825 | All | All | All |
| Application | Eterna | Bozohttpd | 20010610 | All | All | All |
| Application | Eterna | Bozohttpd | 20010812 | All | All | All |
| Application | Eterna | Bozohttpd | 20010922 | All | All | All |
| Application | Eterna | Bozohttpd | 20020710 | All | All | All |
| Application | Eterna | Bozohttpd | 20020730 | All | All | All |
| Application | Eterna | Bozohttpd | 20020803 | All | All | All |
| Application | Eterna | Bozohttpd | 20020804 | All | All | All |
| Application | Eterna | Bozohttpd | 20020823 | All | All | All |
| Application | Eterna | Bozohttpd | 20020913 | All | All | All |
| Application | Eterna | Bozohttpd | 20021106 | All | All | All |
| Application | Eterna | Bozohttpd | 20030313 | All | All | All |
| Application | Eterna | Bozohttpd | 20030409 | All | All | All |
| Application | Eterna | Bozohttpd | 20030626 | All | All | All |
| Application | Eterna | Bozohttpd | 20031005 | All | All | All |
| Application | Eterna | Bozohttpd | 20040218 | All | All | All |
| Application | Eterna | Bozohttpd | 20040808 | All | All | All |
| Application | Eterna | Bozohttpd | 20050410 | All | All | All |
| Application | Eterna | Bozohttpd | 20060517 | All | All | All |
| Application | Eterna | Bozohttpd | 20060710 | All | All | All |
| Application | Eterna | Bozohttpd | 20080303 | All | All | All |
| Application | Eterna | Bozohttpd | 20090417 | All | All | All |
| Application | Eterna | Bozohttpd | 20090522 | All | All | All |
| Application | Eterna | Bozohttpd | 20100509 | All | All | All |
| Application | Eterna | Bozohttpd | 20100512 | All | All | All |
| Application | Eterna | Bozohttpd | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| bozohttp Security Bypass Vulnerability - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| www.eterna.com.au/bozohttpd/CHANGES | CONFIRM | www.eterna.com.au | |
| #590298 - bozohttpd: CVE-2010-2320,CVE-2010-2195 multiple security issues - Debian Bug report logs | CONFIRM | bugs.debian.org | Exploit |
| Bug #582473 “bozohttpd show index of /homt/user if there is no p...” : Bugs : bozohttpd package : Ubuntu | CONFIRM | bugs.launchpad.net | Exploit |
| CVE-2010-2320 | CONFIRM | security-tracker.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.