Download
| Alert*
|
oval:org.mitre.oval:def:8191
Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint. The Common Vulnerabilities and Exposures project identifies the following problems: A memory leak in the http_request_parse function could be used by remote attackers to cause light ... oval:org.secpod.oval:def:106436 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:106434 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:600995 Stefan Bühler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the P ... oval:org.secpod.oval:def:601146 Several vulnerabilities have been discovered in the lighttpd web server. CVE-2013-4508 It was discovered that lighttpd uses weak ssl ciphers when SNI is enabled. This issue was solved by ensuring that stronger ssl ciphers are used when SNI is selected. CVE-2013-4559 The clang static analyzer was us ... oval:org.secpod.oval:def:1600127 Multiple directory traversal vulnerabilities in mod_evhost and mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. in the host name, related to request_check_hostname.SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows r ... oval:org.secpod.oval:def:1600079 Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service via unspecified vectors that trigger FAMMonitorDirectory failures. lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hija ... oval:org.secpod.oval:def:601232 Several vulnerabilities were discovered in the lighttpd web server. CVE-2014-2323 Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module . This only affects installations with the lighttpd-mod-my ... oval:org.secpod.oval:def:2000101 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target file ... oval:org.secpod.oval:def:1901505 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target file ... oval:org.secpod.oval:def:600694 Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint. CVE-2011-4362 Xi Wang discovered that the base64 decoding routine which is used to decode user input during an HTTP authentication, suffers of a signedness issue when processing user i ... |
