A vulnerability in mini_httpd could allow remote attackers to execute arbitrary code.
Package | www-servers/mini_httpd on all architectures |
---|---|
Affected versions | revision <= 1.19 |
Unaffected versions |
mini_httpd is a small webserver with optional SSL and IPv6 support.
mini_httpd does not properly check for shell escapes when parsing HTTP requests.
A remote attacker could send specially crafted HTTP requests, possibly resulting in execution of arbitrary code with the privileges of the process, or allowing for overwriting of files.
There is no known workaround at this time.
Gentoo discontinued support for mini_httpd. We recommend that users unmerge mini_httpd:
# emerge --unmerge "www-servers/mini_httpd"
Release date
June 24, 2012
Latest revision
June 24, 2012: 1
Severity
normal
Exploitable
remote
Bugzilla entries