Aggregates CVE and security vulnerability intelligence across all monkey-project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues involve various input-handling and memory-safety problems that may affect software stability and security.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2012-4443 | Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access. | [email protected] | 6.9 | 0.38% | 2012-10-05 | 2026-06-16 |
| CVE-2005-1123 | Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file. | [email protected] | 5.0 | 1.59% | 2005-05-02 | 2026-06-16 |
| CVE-2005-1122 | Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error"). | [email protected] | 7.5 | 2.69% | 2005-04-14 | 2026-06-16 |
| CVE-2004-0276 | The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field. | [email protected] | 5.0 | 3.76% | 2004-11-23 | 2026-06-16 |
| CVE-2003-1209 | The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header. | [email protected] | 5.0 | 2.40% | 2003-12-31 | 2026-06-16 |
| CVE-2003-0218 | Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body. | [email protected] | 7.5 | 5.20% | 2003-05-12 | 2026-06-16 |
| CVE-2002-2154 | Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences. | [email protected] | 5.0 | 7.57% | 2002-12-31 | 2026-06-16 |
| CVE-2002-1852 | Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl. | [email protected] | 4.3 | 3.36% | 2002-12-31 | 2026-06-16 |
| CVE-2002-1663 | The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value. | [email protected] | 5.0 | 4.02% | 2002-12-31 | 2026-06-16 |