A vulnerability in mini_httpd could allow remote attackers to execute arbitrary code.
|Package||www-servers/mini_httpd on all architectures|
|Affected versions||revision <= 1.19|
mini_httpd is a small webserver with optional SSL and IPv6 support.
mini_httpd does not properly check for shell escapes when parsing HTTP requests.
A remote attacker could send specially crafted HTTP requests, possibly resulting in execution of arbitrary code with the privileges of the process, or allowing for overwriting of files.
There is no known workaround at this time.
Gentoo discontinued support for mini_httpd. We recommend that users unmerge mini_httpd:
# emerge --unmerge "www-servers/mini_httpd"
June 24, 2012
June 24, 2012: 1