Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
sthttpd ‘thttpd.log’不安全文件权限漏洞
Vulnerability Description
thttpd是ACME实验室的一款轻量级的HTTP服务器,它支持基于URL的文件流量限制,以及支持多种平台,如FreeBSD、SunOS、Solaris、BSD等。sthttpd是thttpd的改进版,包含了一个嵌入功能,能够开发嵌入式系统的Web服务器。 sthttpd 2.26.4及之前的版本和thttpd 2.25b版本中的thttpd.c文件中存在安全漏洞,该漏洞源于程序对/var/log/thttpd.log日志文件设置为全局可读权限。本地攻击者可通过读取文件利用该漏洞获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A