Acme

Do you want an email whenever new security vulnerabilities are reported in any Acme product?

Products by Acme Sorted by Most Security Vulnerabilities since 2018

Acme Thttpd5 vulnerabilities

Acme Mini Httpd2 vulnerabilities

Acme Micro Httpd1 vulnerability

Acme Ultra Mini Httpd1 vulnerability

By the Year

In 2024 there have been 1 vulnerability in Acme with an average score of 7.5 out of ten. Acme did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2024 as compared to last year.

Year	Vulnerabilities	Average Score
2024	1	7.50
2023	0	0.00
2022	0	0.00
2021	0	0.00
2020	0	0.00
2019	0	0.00
2018	1	6.50

It may take a day or so for new Acme vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Acme Security Vulnerabilities

A vulnerability was found in ACME Ultra Mini HTTPd 1.21

CVE-2024-0263 7.5 - High - January 07, 2024

A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249819.

Improper Resource Shutdown or Release

ACME mini_httpd before 1.30 lets remote users read arbitrary files.

CVE-2018-18778 6.5 - Medium - October 29, 2018

ACME mini_httpd before 1.30 lets remote users read arbitrary files.

Information Disclosure

Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers

CVE-2014-4927 - July 24, 2014

Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.

Buffer Overflow

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which

CVE-2013-0348 - December 13, 2013

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.

Permissions, Privileges, and Access Controls

thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might

CVE-2009-4491 - January 13, 2010

thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Improper Input Validation

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests

CVE-2003-0899 9.8 - Critical - November 03, 2003

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.

Incorrect Calculation of Buffer Size

Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20

CVE-2001-1496 9.8 - Critical - December 31, 2001

Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

off-by-five

Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled

CVE-2001-0892 - November 13, 2001

Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.

Exposure of Resource to Wrong Sphere

Acme mini_httpd before 1.16

CVE-2001-0893 - November 13, 2001

Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.

Exposure of Resource to Wrong Sphere

Acme

Products by Acme Sorted by Most Security Vulnerabilities since 2018

Acme Thttpd5 vulnerabilities

Acme Mini Httpd2 vulnerabilities

Acme Micro Httpd1 vulnerability

Acme Ultra Mini Httpd1 vulnerability

By the Year

Recent Acme Security Vulnerabilities

A vulnerability was found in ACME Ultra Mini HTTPd 1.21 CVE-2024-0263 7.5 - High - January 07, 2024

ACME mini_httpd before 1.30 lets remote users read arbitrary files. CVE-2018-18778 6.5 - Medium - October 29, 2018

Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers CVE-2014-4927 - July 24, 2014

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which CVE-2013-0348 - December 13, 2013

thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might CVE-2009-4491 - January 13, 2010

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests CVE-2003-0899 9.8 - Critical - November 03, 2003

Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 CVE-2001-1496 9.8 - Critical - December 31, 2001

Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled CVE-2001-0892 - November 13, 2001

Acme mini_httpd before 1.16 CVE-2001-0893 - November 13, 2001