Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd lighttpd 1.5.0 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2011-4362
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 prior to 1.4.30 and 1.5 before SVN revision 2806 allows remote malicious users to cause a denial of service (segmentation fault) via crafted base64 input ...
Lighttpd Lighttpd
Lighttpd Lighttpd 1.5.0
Debian Debian Linux 5.0
Debian Debian Linux 6.0
Debian Debian Linux 7.0
1 EDB exploit
5
CVSSv2
CVE-2010-0295
lighttpd prior to 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote malicious users to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.2
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.4.19
Lighttpd Lighttpd 1.4.5
Lighttpd Lighttpd 1.4.6
Lighttpd Lighttpd 1.4.14
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.3.13
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.2.5
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.0.2
Lighttpd Lighttpd 1.4.20
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.0
Lighttpd Lighttpd 1.3.2
Lighttpd Lighttpd 1.3.16
1 EDB exploit
5
CVSSv2
CVE-2008-0983
lighttpd 1.4.18, and possibly other versions prior to 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote malicious users to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Lighttpd Lighttpd 1.4.16
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.11
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.14
Lighttpd Lighttpd 1.4.15
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.4.9
4.3
CVSSv2
CVE-2007-3948
connections.c in lighttpd prior to 1.4.16 might accept more connections than the configured maximum, which allows remote malicious users to cause a denial of service (failed assertion) via a large number of connection attempts.
Lighttpd Lighttpd
4.3
CVSSv2
CVE-2008-1531
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and previous versions, and 1.5.x prior to 1.5.0, allows remote malicious users to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download ha...
Lighttpd Lighttpd
Debian Debian Linux 4.0
5.8
CVSSv2
CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and previous versions, OpenSSL prior to 0.9.8l, GnuTLS 2.8.5 and previous versions, Mozilla Network Security Ser...
Openssl Openssl 1.0
Apache Http Server
Openssl Openssl
Gnu Gnutls
Mozilla Nss
Debian Debian Linux 5.0
Canonical Ubuntu Linux 10.10
Fedoraproject Fedora 11
Fedoraproject Fedora 13
Debian Debian Linux 4.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 9.04
Debian Debian Linux 6.0
Fedoraproject Fedora 12
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 9.10
Fedoraproject Fedora 14
F5 Nginx
2 EDB exploits
10 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started