CVE-CVE-2001-0834 | UNKNOWN Severity | CVEDatabase.com

Description

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

CVSS Metrics

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Access Vector: network
Access Cmplx: low
Auth: none
Confidentiality: partial
Integrity: none
Availability: partial
Weaknesses: NVD-CWE-Other

Metadata

Primary Vendor: HTDIG
Published: 12/6/2001
Last Modified: 4/3/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

htdig : htdigconectiva : linuxconectiva : linuxconectiva : linuxconectiva : linuxdebian : debian_linuxsuse : suse_linuxsuse : suse_linuxsuse : suse_linuxsuse : suse_linuxsuse : suse_linuxsuse : suse_linux

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD