GCVE - cpe:2.3:a:acme_labs:thttpd:2.25b:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:acme_labs:thttpd:2.25b:*:*:*:*:*:*:*

part: a version: 2.25b update: *

Vendor	Acme Labs (`f333f08c-2d63-595c-9c4f-c8a3704d5486`)
Product	Thttpd (`545dbbb4-bfae-5980-8768-f8c0176b83a8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/larryhe/tinyhttpd`	purl2cpe	2026-06-01 10:12:39.037943
`pkg:rpm/fedora/thttpd`	purl2cpe	2026-06-01 10:12:39.037945
`pkg:rpm/opensuse/thttpd`	purl2cpe	2026-06-01 10:12:39.037946

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2006-4248`	vulnerable	2026-06-03 14:27:37.237703	Details available thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file. Published: 2006-10-31T19:00:00.000Z Updated: 2024-08-07T19:06:06.484Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/20891 http://secunia.com/advisories/22712 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396277 http://www.debian.org/security/2006/dsa-1205	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-1079`	vulnerable	2026-06-03 14:27:23.331921	Details available htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. Published: 2006-03-09T00:00:00.000Z Updated: 2024-08-07T16:56:15.551Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/426823/100/0/threaded http://marc.info/?l=thttpd&m=114154083000296&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/25217 http://www.securityfocus.com/bid/16972 http://www.osvdb.org/23828	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-1078`	vulnerable	2026-06-03 14:27:23.331506	Details available Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. Published: 2006-03-09T00:00:00.000Z Updated: 2025-01-16T20:02:13.764Z Open on db.gcve.eu Reference links http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051562.html http://www.securityfocus.com/archive/1/426823/100/0/threaded http://marc.info/?l=thttpd&m=114154083000296&w=2 http://seclists.org/bugtraq/2004/Oct/0359.html http://www.securityfocus.com/bid/16972	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.