Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd lighttpd 1.4.18 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2008-1111
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote malicious users to obtain sensitive information.
Lighttpd Lighttpd 1.4.18
5
CVSSv2
CVE-2008-0983
lighttpd 1.4.18, and possibly other versions prior to 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote malicious users to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Lighttpd Lighttpd 1.4.16
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.11
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.14
Lighttpd Lighttpd 1.4.15
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.4.9
1.9
CVSSv2
CVE-2013-1427
The configuration file for the FastCGI PHP support for lighttpd prior to 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a diffe...
Lighttpd Lighttpd 1.4.23
Lighttpd Lighttpd 1.4.22
Lighttpd Lighttpd 1.4.15
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd
Lighttpd Lighttpd 1.4.26
Lighttpd Lighttpd 1.4.19
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.21
Lighttpd Lighttpd 1.4.20
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.3.16
Lighttpd Lighttpd 1.4.25
Lighttpd Lighttpd 1.4.24
Lighttpd Lighttpd 1.4.11
Lighttpd Lighttpd 1.4.16
5
CVSSv2
CVE-2008-4298
Memory leak in the http_request_parse function in request.c in lighttpd prior to 1.4.20 allows remote malicious users to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.16
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.4.0
Lighttpd Lighttpd 1.3.16
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.3.8
Lighttpd Lighttpd 1.3.1
Lighttpd Lighttpd 1.3.0
Lighttpd Lighttpd 1.2.8
Lighttpd Lighttpd 1.2.2
Lighttpd Lighttpd 1.2.1
Lighttpd Lighttpd 1.1.3
Lighttpd Lighttpd 1.1.2
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.3.13
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.5
5
CVSSv2
CVE-2010-0295
lighttpd prior to 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote malicious users to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.2
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.4.19
Lighttpd Lighttpd 1.4.5
Lighttpd Lighttpd 1.4.6
Lighttpd Lighttpd 1.4.14
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.3.13
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.2.5
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.0.2
Lighttpd Lighttpd 1.4.20
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.0
Lighttpd Lighttpd 1.3.2
Lighttpd Lighttpd 1.3.16
1 EDB exploit
6.8
CVSSv2
CVE-2007-4727
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd prior to 1.4.18 allows remote malicious users to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as de...
Lighttpd Lighttpd
4.3
CVSSv2
CVE-2007-3948
connections.c in lighttpd prior to 1.4.16 might accept more connections than the configured maximum, which allows remote malicious users to cause a denial of service (failed assertion) via a large number of connection attempts.
Lighttpd Lighttpd
5
CVSSv2
CVE-2008-1270
mod_userdir in lighttpd 1.4.18 and previous versions, when userdir.path is not set, uses a default of $HOME, which might allow remote malicious users to read arbitrary files, as demonstrated by accessing the ~nobody directory.
Lighttpd Lighttpd
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started