CVE-2015-8212

EUVD-2015-8102
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
netbsdnetbsd
6.0
netbsdnetbsd
6.0.1
netbsdnetbsd
6.0.2
netbsdnetbsd
6.0.3
netbsdnetbsd
6.0.4
netbsdnetbsd
6.0.5
netbsdnetbsd
6.0.6
netbsdnetbsd
6.1
netbsdnetbsd
6.1.1
netbsdnetbsd
6.1.2
netbsdnetbsd
6.1.3
netbsdnetbsd
6.1.4
netbsdnetbsd
6.1.5
netbsdnetbsd
7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bozohttpd
precise
ignored
trusty
Fixed 20111118-1+deb7u1build0.14.04.1
released
wily
dne
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc
http://www.securitytracker.com/id/1035673
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc
http://www.securitytracker.com/id/1035673