Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd lighttpd 1.4.8 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0983
lighttpd 1.4.18, and possibly other versions prior to 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote malicious users to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Lighttpd Lighttpd 1.4.16
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.11
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.14
Lighttpd Lighttpd 1.4.15
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.4.9
NA
CVE-2013-1427
The configuration file for the FastCGI PHP support for lighttpd prior to 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a diffe...
Lighttpd Lighttpd 1.4.23
Lighttpd Lighttpd 1.4.22
Lighttpd Lighttpd 1.4.15
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd
Lighttpd Lighttpd 1.4.26
Lighttpd Lighttpd 1.4.19
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.21
Lighttpd Lighttpd 1.4.20
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.3.16
Lighttpd Lighttpd 1.4.25
Lighttpd Lighttpd 1.4.24
Lighttpd Lighttpd 1.4.11
Lighttpd Lighttpd 1.4.16
NA
CVE-2007-1870
lighttpd prior to 1.4.14 allows malicious users to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.
Lighttpd Lighttpd 1.3.14
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.3.16
Lighttpd Lighttpd 1.3.8
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.13
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.7
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.2
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.3.10
Lighttpd Lighttpd 1.3.11
Lighttpd Lighttpd 1.3.4
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.8
NA
CVE-2006-0760
LightTPD 1.4.8 and previous versions, when the web root is on a case-insensitive filesystem, allows remote malicious users to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the...
Lighttpd Lighttpd 1.1.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.2.4
Lighttpd Lighttpd 1.3.10
Lighttpd Lighttpd 1.3.11
Lighttpd Lighttpd 1.3.3
Lighttpd Lighttpd 1.3.4
Lighttpd Lighttpd 1.4.2
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.0.2
Lighttpd Lighttpd 1.0.3
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.1.7
Lighttpd Lighttpd 1.2.5
Lighttpd Lighttpd 1.2.6
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.13
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.4.5
NA
CVE-2006-0814
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote malicious users to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP...
Lighttpd Lighttpd 1.1.0
Lighttpd Lighttpd 1.1.1
Lighttpd Lighttpd 1.1.9
Lighttpd Lighttpd 1.2.0
Lighttpd Lighttpd 1.2.7
Lighttpd Lighttpd 1.2.8
Lighttpd Lighttpd 1.3.14
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.3.8
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.4.5
Lighttpd Lighttpd 1.4.6
Lighttpd Lighttpd 1.1.2
Lighttpd Lighttpd 1.1.3
Lighttpd Lighttpd 1.2.1
Lighttpd Lighttpd 1.1.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.2.4
Lighttpd Lighttpd 1.3.10
Lighttpd Lighttpd 1.3.11
NA
CVE-2008-4298
Memory leak in the http_request_parse function in request.c in lighttpd prior to 1.4.20 allows remote malicious users to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.16
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.4.0
Lighttpd Lighttpd 1.3.16
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.3.8
Lighttpd Lighttpd 1.3.1
Lighttpd Lighttpd 1.3.0
Lighttpd Lighttpd 1.2.8
Lighttpd Lighttpd 1.2.2
Lighttpd Lighttpd 1.2.1
Lighttpd Lighttpd 1.1.3
Lighttpd Lighttpd 1.1.2
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.3.13
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.5
NA
CVE-2010-0295
lighttpd prior to 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote malicious users to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.2
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.4.19
Lighttpd Lighttpd 1.4.5
Lighttpd Lighttpd 1.4.6
Lighttpd Lighttpd 1.4.14
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.3.13
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.2.5
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.0.2
Lighttpd Lighttpd 1.4.20
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.0
Lighttpd Lighttpd 1.3.2
Lighttpd Lighttpd 1.3.16
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started