VULHUB ™

The thttpd web server (versions 1.90a to 2.04) doesn't do proper bounds checking in the date parsing function tdate_parse(). By overflowing a static buffer in tdate_parse() an attacker could remotely execute commands on the thttpd host with the permissions of thttpd. The buffer overflow occurs when a HTTP GET request is made with an overlong "If-Modified-Since" header(approx. 1300+) characters.

The thttpd web server (versions 1.90a to 2.04) doesn't do proper bounds checking in the date parsing function tdate_parse(). By overflowing a static buffer in tdate_parse() an attacker could remotely execute commands on the thttpd host with the permissions of thttpd. The buffer overflow occurs when a HTTP GET request is made with an overlong "If-Modified-Since" header(approx. 1300+) characters.