NVD Vulnerability Detail

CVE-2010-2320

Summary	bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences.
Publication Date	Aug. 3, 2010, 5:40 a.m.
Registration Date	Jan. 29, 2021, 11:02 a.m.
Last Update	Nov. 21, 2024, 10:16 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:eterna:bozohttpd:20090417:::::::*
cpe:2.3:a:eterna:bozohttpd:20080303:::::::*
cpe:2.3:a:eterna:bozohttpd:20030313:::::::*
cpe:2.3:a:eterna:bozohttpd:20000421:::::::*
cpe:2.3:a:eterna:bozohttpd:20000825:::::::*
cpe:2.3:a:eterna:bozohttpd:20100512:::::::*
cpe:2.3:a:eterna:bozohttpd:20021106:::::::*
cpe:2.3:a:eterna:bozohttpd:20060710:::::::*
cpe:2.3:a:eterna:bozohttpd:20020803:::::::*
cpe:2.3:a:eterna:bozohttpd:20020804:::::::*
cpe:2.3:a:eterna:bozohttpd:20050410:::::::*
cpe:2.3:a:eterna:bozohttpd:20090522:::::::*
cpe:2.3:a:eterna:bozohttpd:20040808:::::::*
cpe:2.3:a:eterna:bozohttpd:20020730:::::::*
cpe:2.3:a:eterna:bozohttpd:20030626:::::::*
cpe:2.3:a:eterna:bozohttpd:20030409:::::::*
cpe:2.3:a:eterna:bozohttpd:20100509:::::::*
cpe:2.3:a:eterna:bozohttpd:20010922:::::::*
cpe:2.3:a:eterna:bozohttpd:20020710:::::::*
cpe:2.3:a:eterna:bozohttpd:20000426:::::::*
cpe:2.3:a:eterna:bozohttpd:20031005:::::::*
cpe:2.3:a:eterna:bozohttpd:20040218:::::::*
cpe:2.3:a:eterna:bozohttpd:20000427:::::::*
cpe:2.3:a:eterna:bozohttpd:20060517:::::::*
cpe:2.3:a:eterna:bozohttpd:20010812:::::::*
cpe:2.3:a:eterna:bozohttpd:20020913:::::::*
cpe:2.3:a:eterna:bozohttpd::::::::		20100617
cpe:2.3:a:eterna:bozohttpd:19990519:::::::*
cpe:2.3:a:eterna:bozohttpd:20010610:::::::*
cpe:2.3:a:eterna:bozohttpd:20020823:::::::*
cpe:2.3:a:eterna:bozohttpd:20000815:::::::*

Related information, measures and tools

No	URL	タグ
1	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298	Exploit
2	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590298	Exploit
3	http://secunia.com/advisories/40737	Vendor Advisory
4	http://secunia.com/advisories/40737	Vendor Advisory
5	http://security-tracker.debian.org/tracker/CVE-2010-2320
6	http://security-tracker.debian.org/tracker/CVE-2010-2320
7	http://www.eterna.com.au/bozohttpd/CHANGES
8	http://www.eterna.com.au/bozohttpd/CHANGES
9	https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473	Exploit
10	https://bugs.launchpad.net/ubuntu/+source/bozohttpd/+bug/582473	Exploit
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/60812
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/60812

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

bozotic HTTP サーバにおけるユーザアカウントの存在を決定される脆弱性

Title	bozotic HTTP サーバにおけるユーザアカウントの存在を決定される脆弱性
Summary	bozotic HTTP サーバには、ホームディレクトリの内容を一覧にされる、およびユーザアカウントの存在を決定される脆弱性が存在します。
Possible impacts	第三者により、/~ シーケンスで始まる URI に対する複数のリクエストを介して、ホームディレクトリの内容を一覧にされる、およびユーザアカウントの存在を決定される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 2, 2010, midnight
Registration Date	June 26, 2012, 4:19 p.m.
Last Update	June 26, 2012, 4:19 p.m.

Affected System

ETERNA

bozohttpd 20100621 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-2320	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2320
National Vulnerability Database (NVD)
2	CVE-2010-2320	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2320

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
ETERNA
1	eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp	http://www.eterna.com.au/bozohttpd/CHANGES

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:eterna:bozohttpd:20090417:::::::*
cpe:2.3:a:eterna:bozohttpd:20080303:::::::*
cpe:2.3:a:eterna:bozohttpd:20030313:::::::*
cpe:2.3:a:eterna:bozohttpd:20000421:::::::*
cpe:2.3:a:eterna:bozohttpd:20000825:::::::*
cpe:2.3:a:eterna:bozohttpd:20100512:::::::*
cpe:2.3:a:eterna:bozohttpd:20021106:::::::*
cpe:2.3:a:eterna:bozohttpd:20060710:::::::*
cpe:2.3:a:eterna:bozohttpd:20020803:::::::*
cpe:2.3:a:eterna:bozohttpd:20020804:::::::*
cpe:2.3:a:eterna:bozohttpd:20050410:::::::*
cpe:2.3:a:eterna:bozohttpd:20090522:::::::*
cpe:2.3:a:eterna:bozohttpd:20040808:::::::*
cpe:2.3:a:eterna:bozohttpd:20020730:::::::*
cpe:2.3:a:eterna:bozohttpd:20030626:::::::*
cpe:2.3:a:eterna:bozohttpd:20030409:::::::*
cpe:2.3:a:eterna:bozohttpd:20100509:::::::*
cpe:2.3:a:eterna:bozohttpd:20010922:::::::*
cpe:2.3:a:eterna:bozohttpd:20020710:::::::*
cpe:2.3:a:eterna:bozohttpd:20000426:::::::*
cpe:2.3:a:eterna:bozohttpd:20031005:::::::*
cpe:2.3:a:eterna:bozohttpd:20040218:::::::*
cpe:2.3:a:eterna:bozohttpd:20000427:::::::*
cpe:2.3:a:eterna:bozohttpd:20060517:::::::*
cpe:2.3:a:eterna:bozohttpd:20010812:::::::*
cpe:2.3:a:eterna:bozohttpd:20020913:::::::*
cpe:2.3:a:eterna:bozohttpd::::::::		20100617
cpe:2.3:a:eterna:bozohttpd:19990519:::::::*
cpe:2.3:a:eterna:bozohttpd:20010610:::::::*
cpe:2.3:a:eterna:bozohttpd:20020823:::::::*
cpe:2.3:a:eterna:bozohttpd:20000815:::::::*