Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

lighttpd lighttpd 1.4.31 vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2012-5533
The http_request_split_value function in request.c in lighttpd prior to 1.4.32 allows remote malicious users to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header...
Lighttpd Lighttpd 1.4.32Lighttpd Lighttpd 1.4.31
5
CVSSv2
CVE-2013-4560
Use-after-free vulnerability in lighttpd prior to 1.4.33 allows remote malicious users to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
Lighttpd LighttpdDebian Debian Linux 6.0Debian Debian Linux 7.0Debian Debian Linux 8.0Opensuse Opensuse 12.2Opensuse Opensuse 12.3Opensuse Opensuse 13.1
4.3
CVSSv2
CVE-2013-4508
lighttpd prior to 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote malicious users to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
Lighttpd LighttpdDebian Debian Linux 6.0Debian Debian Linux 7.0Debian Debian Linux 8.0Opensuse Opensuse 12.2Opensuse Opensuse 12.3Opensuse Opensuse 13.1
7.6
CVSSv2
CVE-2013-4559
lighttpd prior to 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote malicious users to gain privileges, as demonstrated by multiple calls to the clone fu...
Lighttpd LighttpdDebian Debian Linux 6.0Debian Debian Linux 7.0Debian Debian Linux 8.0Opensuse Opensuse 12.2Opensuse Opensuse 12.3Opensuse Opensuse 13.1
7.5
CVSSv2
CVE-2014-2323
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd prior to 1.4.35 allows remote malicious users to execute arbitrary SQL commands via the host name, related to request_check_hostname.
Lighttpd LighttpdDebian Debian Linux 6.0Debian Debian Linux 7.0Debian Debian Linux 8.0Opensuse Opensuse 11.4Opensuse Opensuse 12.3Opensuse Opensuse 13.1Suse Linux Enterprise High Availability Extension 11Suse Linux Enterprise Software Development Kit 11
5
CVSSv2
CVE-2014-2324
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd prior to 1.4.35 allow remote malicious users to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
Lighttpd LighttpdDebian Debian Linux 6.0Debian Debian Linux 7.0Debian Debian Linux 8.0Opensuse Opensuse 11.4Opensuse Opensuse 12.3Opensuse Opensuse 13.1Suse Linux Enterprise High Availability Extension 11Suse Linux Enterprise Software Development Kit 11Contec Sv-cpt-mc310 Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook