• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
Date Entry Created
20001015 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20010910-01)
Votes (Legacy)
ACCEPT(2) Baker, Collins
MODIFY(1) Frech
NOOP(4) Armstrong, Christey, Cole, Wall
Comments (Legacy)
 Frech> XF:htgrep-cgi-view-files(5476)
 Christey> The change log for htgrep acknowledges the problem, but it
   says that the qry tag is also affected.  CD:SF-LOC says that
   multiple problems of the same type in the same version should
   be combined, so this candidate should get a "soft recast"
   and qry should be added to the description.

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.