CVE-2014-5015 Detail

CVE-2014-5015

OWSAP

A01-Broken Access Control

EPSS

0.55%V3

Vector

Network

Published

2014-07-24
12h00 +00:00

Modified

2017-08-28
10h57 +00:00

Official links

CVE.org

NVD

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Notifications manage

List of Notifications

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Criteria applied when sending the alert: compared with the last alert sent + differences in CISA, EPSS, CVSS, CWE, Solutions, CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specified here a CVE ID as CVE-2025-1234

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CVE Descriptions

bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-264	Category : Permissions, Privileges, and Access Controls Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	5		AV:N/AC:L/Au:N/C:P/I:N/A:N	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Eterna>>Bozohttpd >> Version To (including) 20140201

Eterna>>Bozohttpd >> Version 19990519 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20000421 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20000426 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20000427 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20000815 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20000825 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20010610 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20010812 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20010922 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20020710 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20020730 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20020803 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20020804 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20020823 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20020913 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20021106 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20030313 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20030409 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20030626 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20031005 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20040218 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20040808 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20050410 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20060517 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20060710 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20080303 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20090417 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20090522 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20100509 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20100512 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20100617 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20100621 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20100920 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20111118 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20140102 (Open CPE detail)
Eterna>>Bozohttpd >> Version 20140201 (Open CPE detail)

Eterna>>Bozohttpd >> Version 19990519

Eterna>>Bozohttpd >> Version 19990519 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20000421

Eterna>>Bozohttpd >> Version 20000421 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20000426

Eterna>>Bozohttpd >> Version 20000426 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20000427

Eterna>>Bozohttpd >> Version 20000427 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20000815

Eterna>>Bozohttpd >> Version 20000815 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20000825

Eterna>>Bozohttpd >> Version 20000825 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20010610

Eterna>>Bozohttpd >> Version 20010610 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20010812

Eterna>>Bozohttpd >> Version 20010812 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20010922

Eterna>>Bozohttpd >> Version 20010922 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20020710

Eterna>>Bozohttpd >> Version 20020710 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20020730

Eterna>>Bozohttpd >> Version 20020730 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20020803

Eterna>>Bozohttpd >> Version 20020803 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20020804

Eterna>>Bozohttpd >> Version 20020804 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20020823

Eterna>>Bozohttpd >> Version 20020823 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20020913

Eterna>>Bozohttpd >> Version 20020913 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20021106

Eterna>>Bozohttpd >> Version 20021106 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20030313

Eterna>>Bozohttpd >> Version 20030313 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20030409

Eterna>>Bozohttpd >> Version 20030409 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20030626

Eterna>>Bozohttpd >> Version 20030626 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20031005

Eterna>>Bozohttpd >> Version 20031005 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20040218

Eterna>>Bozohttpd >> Version 20040218 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20040808

Eterna>>Bozohttpd >> Version 20040808 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20050410

Eterna>>Bozohttpd >> Version 20050410 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20060517

Eterna>>Bozohttpd >> Version 20060517 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20060710

Eterna>>Bozohttpd >> Version 20060710 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20080303

Eterna>>Bozohttpd >> Version 20080303 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20090417

Eterna>>Bozohttpd >> Version 20090417 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20090522

Eterna>>Bozohttpd >> Version 20090522 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20100509

Eterna>>Bozohttpd >> Version 20100509 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20100512

Eterna>>Bozohttpd >> Version 20100512 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20100617

Eterna>>Bozohttpd >> Version 20100617 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20100621

Eterna>>Bozohttpd >> Version 20100621 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20100920

Eterna>>Bozohttpd >> Version 20100920 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20111118

Eterna>>Bozohttpd >> Version 20111118 (Open CPE detail)

Eterna>>Bozohttpd >> Version 20140102

Eterna>>Bozohttpd >> Version 20140102 (Open CPE detail)

Netbsd>>Netbsd >> Version 5.1

Netbsd>>Netbsd >> Version 5.1 (Open CPE detail)

Netbsd>>Netbsd >> Version 5.2

Netbsd>>Netbsd >> Version 5.2 (Open CPE detail)

Netbsd>>Netbsd >> Version 6.0

Netbsd>>Netbsd >> Version 6.0 (Open CPE detail)
Netbsd>>Netbsd >> Version 6.0 (Open CPE detail)

Netbsd>>Netbsd >> Version 6.1

Netbsd>>Netbsd >> Version 6.1 (Open CPE detail)

References

http://www.securityfocus.com/bid/68752
Tags : vdb-entry, x_refsource_BID

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc
Tags : vendor-advisory, x_refsource_NETBSD

http://www.eterna.com.au/bozohttpd/CHANGES
Tags : x_refsource_CONFIRM

http://www.osvdb.org/109283
Tags : vdb-entry, x_refsource_OSVDB

http://www.eterna.com.au/bozohttpd/
Tags : x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/94751
Tags : vdb-entry, x_refsource_XF

http://seclists.org/oss-sec/2014/q3/180
Tags : mailing-list, x_refsource_MLIST

CVE-2014-5015 : Detail

CVE-2014-5015

CVE Descriptions

CVE Informations

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Products Mentioned

Configuraton 0

References