Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd lighttpd 1.4.31 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2014-2323
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd prior to 1.4.35 allows remote malicious users to execute arbitrary SQL commands via the host name, related to request_check_hostname.
Lighttpd Lighttpd
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Opensuse Opensuse 12.3
Suse Linux Enterprise Software Development Kit 11
Opensuse Opensuse 11.4
Opensuse Opensuse 13.1
Suse Linux Enterprise High Availability Extension 11
1 Github repository
NA
CVE-2014-2324
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd prior to 1.4.35 allow remote malicious users to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
Lighttpd Lighttpd
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Opensuse Opensuse 12.3
Suse Linux Enterprise Software Development Kit 11
Opensuse Opensuse 11.4
Opensuse Opensuse 13.1
Suse Linux Enterprise High Availability Extension 11
Contec Sv-cpt-mc310 Firmware
2 Github repositories
NA
CVE-2013-4559
lighttpd prior to 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote malicious users to gain privileges, as demonstrated by multiple calls to the clone fu...
Lighttpd Lighttpd
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Opensuse Opensuse 12.3
Opensuse Opensuse 12.2
Opensuse Opensuse 13.1
NA
CVE-2013-4560
Use-after-free vulnerability in lighttpd prior to 1.4.33 allows remote malicious users to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
Lighttpd Lighttpd
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Opensuse Opensuse 12.3
Opensuse Opensuse 12.2
Opensuse Opensuse 13.1
7.5
CVSSv3
CVE-2013-4508
lighttpd prior to 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote malicious users to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
Lighttpd Lighttpd
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Opensuse Opensuse 12.3
Opensuse Opensuse 12.2
Opensuse Opensuse 13.1
NA
CVE-2012-5533
The http_request_split_value function in request.c in lighttpd prior to 1.4.32 allows remote malicious users to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header...
Lighttpd Lighttpd 1.4.32
Lighttpd Lighttpd 1.4.31
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started