← Back

CVE-2003-0899

nvd nist
Published: Nov 3, 2003Modified: Apr 16, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.

Affected (3)

Products: Acme: Thttpd
Acme
1 product
Thttpd
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Acme
Thttpd
From 2.21 to 2.23
Thttpd
Version 2.23
Thttpd
Version 2.23 b1

Related CWEs

CWE-131
Incorrect Calculation of Buffer Size
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

References (14)

Source: cve@mitre.org
ExploitMailing List
Source: cve@mitre.org
Broken LinkPatchVendor Advisory
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Broken LinkExploitPatchThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Broken LinkURL Repurposed
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkExploitPatchThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkURL Repurposed
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.