bozohttpd is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain access to restricted content. This can lead to other attacks. bozohttpd 20090522 and 20100509 are vulnerable other versions may also be affected.
Updates are available. Please see the references for more information.
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011
- Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability
- Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
- IBM HTTP Server Multiple Cross Site Scripting Vulnerabilities
- IBM WebSphere Application Multiple Vulnerabilities Jul-11