Vulmon
lighttpd lighttpd 1.4.15 vulnerabilities and exploits
NA
CVE-2008-0983
lighttpd 1.4.18, and possibly other versions prior to 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote malicious users to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.11
Lighttpd Lighttpd 1.4.14
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.16
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.15
Lighttpd Lighttpd 1.4.13
NA
CVE-2013-1427
The configuration file for the FastCGI PHP support for lighttpd prior to 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a diffe...
Lighttpd Lighttpd
Lighttpd Lighttpd 1.3.16
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.4.5
Lighttpd Lighttpd 1.4.6
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.11
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.15
Lighttpd Lighttpd 1.4.16
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.19
Lighttpd Lighttpd 1.4.20
Lighttpd Lighttpd 1.4.21
Lighttpd Lighttpd 1.4.22
Lighttpd Lighttpd 1.4.23
Lighttpd Lighttpd 1.4.24
NA
CVE-2008-4298
Memory leak in the http_request_parse function in request.c in lighttpd prior to 1.4.20 allows remote malicious users to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.2.5
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.4.1
Lighttpd Lighttpd 1.2.2
Lighttpd Lighttpd 1.3.0
Lighttpd Lighttpd
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.2.4
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.1.1
Lighttpd Lighttpd 1.2.8
Lighttpd Lighttpd 1.3.13
NA
CVE-2010-0295
lighttpd prior to 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote malicious users to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.4.21
Lighttpd Lighttpd 1.2.5
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.2.2
Lighttpd Lighttpd 1.3.0
Lighttpd Lighttpd 1.0.3
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.4.24
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.1.1
Lighttpd Lighttpd 1.2.8
Lighttpd Lighttpd 1.3.13
1 EDB exploit
NA
CVE-2007-3947
request.c in lighttpd 1.4.15 allows remote malicious users to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.
Lighttpd Lighttpd
1 EDB exploit
NA
CVE-2007-3949
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote malicious users to bypass url.access-deny settings.
Lighttpd Lighttpd
NA
CVE-2007-3950
lighttpd 1.4.15, when run on 32 bit platforms, allows remote malicious users to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_web...
Lighttpd Lighttpd