CVE-2010-2320
Summary
| CVE | CVE-2010-2320 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-08-02 20:40:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eterna | Bozohttpd | 19990519 | All | All | All |
| Application | Eterna | Bozohttpd | 20000421 | All | All | All |
| Application | Eterna | Bozohttpd | 20000426 | All | All | All |
| Application | Eterna | Bozohttpd | 20000427 | All | All | All |
| Application | Eterna | Bozohttpd | 20000815 | All | All | All |
| Application | Eterna | Bozohttpd | 20000825 | All | All | All |
| Application | Eterna | Bozohttpd | 20010610 | All | All | All |
| Application | Eterna | Bozohttpd | 20010812 | All | All | All |
| Application | Eterna | Bozohttpd | 20010922 | All | All | All |
| Application | Eterna | Bozohttpd | 20020710 | All | All | All |
| Application | Eterna | Bozohttpd | 20020730 | All | All | All |
| Application | Eterna | Bozohttpd | 20020803 | All | All | All |
| Application | Eterna | Bozohttpd | 20020804 | All | All | All |
| Application | Eterna | Bozohttpd | 20020823 | All | All | All |
| Application | Eterna | Bozohttpd | 20020913 | All | All | All |
| Application | Eterna | Bozohttpd | 20021106 | All | All | All |
| Application | Eterna | Bozohttpd | 20030313 | All | All | All |
| Application | Eterna | Bozohttpd | 20030409 | All | All | All |
| Application | Eterna | Bozohttpd | 20030626 | All | All | All |
| Application | Eterna | Bozohttpd | 20031005 | All | All | All |
| Application | Eterna | Bozohttpd | 20040218 | All | All | All |
| Application | Eterna | Bozohttpd | 20040808 | All | All | All |
| Application | Eterna | Bozohttpd | 20050410 | All | All | All |
| Application | Eterna | Bozohttpd | 20060517 | All | All | All |
| Application | Eterna | Bozohttpd | 20060710 | All | All | All |
| Application | Eterna | Bozohttpd | 20080303 | All | All | All |
| Application | Eterna | Bozohttpd | 20090417 | All | All | All |
| Application | Eterna | Bozohttpd | 20090522 | All | All | All |
| Application | Eterna | Bozohttpd | 20100509 | All | All | All |
| Application | Eterna | Bozohttpd | 20100512 | All | All | All |
| Application | Eterna | Bozohttpd | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.eterna.com.au/bozohttpd/CHANGES | af854a3a-2127-422b-91ae-364da2661108 | www.eterna.com.au | |
| Bug #582473 “bozohttpd show index of /homt/user if there is no p...” : Bugs : bozohttpd package : Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | bugs.launchpad.net | Exploit |
| bozohttp Security Bypass Vulnerability - Advisories - Community | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| #590298 - bozohttpd: CVE-2010-2320,CVE-2010-2195 multiple security issues - Debian Bug report logs | af854a3a-2127-422b-91ae-364da2661108 | bugs.debian.org | Exploit |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| CVE-2010-2320 | af854a3a-2127-422b-91ae-364da2661108 | security-tracker.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.