ALAS-2014-346 ---- lighttpdID: oval:org.secpod.oval:def:1600127 | Date: (C)2016-01-07 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple directory traversal vulnerabilities in mod_evhost and mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. in the host name, related to request_check_hostname.SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
Platform: |
Amazon Linux AMI |