#VU39815 Input validation error in NetBSD - CVE-2015-8212
Published: January 19, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU39815
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2015-8212
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
NetBSD
NetBSD
Software vendor:
NetBSD Foundation, Inc
NetBSD Foundation, Inc
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
Remediation
Install update from vendor's website.