old bozohttpd security issues

please ensure that your openssl has been updated and any private keys used while using openssl 1.0.1 to 1.0.01f, and 1.0.2-beta are regenerated to deal with the problem described in CVE-2014-0160 . please see old security issues for older information.

please note that bozohttpd versions prior to 20170201 have a flaw in the handling of CGI in some cases, leading to an infinite loop. please update to 20181215 or newer as soon as possible.

please note that bozohttpd versions prior to 20160415 have a flaw in the handling of CGI in some cases, if the -C option has been used to setup a CGI handler. please update to 20181215 or newer as soon as possible.

please note that bozohttpd versions prior to 20140708 have a flaw in the handling of basic HTTP authentication (aka ".htaccess") and it is possible to bypass the authentication. please update to 20181215 or newer as soon as possible.

please note that a bozohttpd versions 20090522 to 20100512, inclusive, have a serious wrong code generation interaction with GCC that has been fixed in the 20100617 release. additionally, all bozohttpd verisons prior to 20100920 have a flaw in the virtual hosting support, enabling access to files outside of the virtual root, that was fixed in the 20100920 release. please update to 20181215 or newer as soon as possible.


Contact the web master