vulnerability
Ubuntu: (CVE-2015-8212): bozohttpd vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jan 19, 2017 | Nov 19, 2024 | Mar 27, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jan 19, 2017
Added
Nov 19, 2024
Modified
Mar 27, 2026
Description
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
Solution
ubuntu-upgrade-bozohttpd
References
- CVE-2015-8212
- https://attackerkb.com/topics/CVE-2015-8212
- CWE-20
- EUVD-EUVD-2015-8102
- http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc
- http://www.eterna.com.au/bozohttpd/CHANGES
- http://www.eterna.com.au/bozohttpd/bozohttpd-20160415.tar.bz2
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2015-8102
- https://www.cve.org/CVERecord?id=CVE-2015-8212
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.