Remote Code Execution and Arbitrary File Read Vulnerability in htsearch CGI Program

CVE-2001-0834 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:P

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

Learn more about our Web Application Penetration Testing UK.