Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd lighttpd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-3949
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote malicious users to bypass url.access-deny settings.
Lighttpd Lighttpd
NA
CVE-2007-1869
lighttpd 1.4.12 and 1.4.13 allows remote malicious users to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.12
NA
CVE-2007-1870
lighttpd prior to 1.4.14 allows malicious users to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.
Lighttpd Lighttpd 1.3.14
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.3.16
Lighttpd Lighttpd 1.3.8
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.13
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.7
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.2
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.3.10
Lighttpd Lighttpd 1.3.11
Lighttpd Lighttpd 1.3.4
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.8
NA
CVE-2006-0814
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote malicious users to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP...
Lighttpd Lighttpd 1.1.0
Lighttpd Lighttpd 1.1.1
Lighttpd Lighttpd 1.1.9
Lighttpd Lighttpd 1.2.0
Lighttpd Lighttpd 1.2.7
Lighttpd Lighttpd 1.2.8
Lighttpd Lighttpd 1.3.14
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.3.8
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.4.5
Lighttpd Lighttpd 1.4.6
Lighttpd Lighttpd 1.1.2
Lighttpd Lighttpd 1.1.3
Lighttpd Lighttpd 1.2.1
Lighttpd Lighttpd 1.1.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.2.4
Lighttpd Lighttpd 1.3.10
Lighttpd Lighttpd 1.3.11
NA
CVE-2006-0760
LightTPD 1.4.8 and previous versions, when the web root is on a case-insensitive filesystem, allows remote malicious users to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the...
Lighttpd Lighttpd 1.1.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.2.4
Lighttpd Lighttpd 1.3.10
Lighttpd Lighttpd 1.3.11
Lighttpd Lighttpd 1.3.3
Lighttpd Lighttpd 1.3.4
Lighttpd Lighttpd 1.4.2
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.0.2
Lighttpd Lighttpd 1.0.3
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.1.7
Lighttpd Lighttpd 1.2.5
Lighttpd Lighttpd 1.2.6
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.13
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.4.5
NA
CVE-2005-0453
The buffer_urldecode function in Lighttpd 1.3.7 and previous versions does not properly handle control characters, which allows remote malicious users to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension.
Lighttpd Lighttpd 1.3.7
NA
CVE-2016-100021
lighttpd: CVE-2016-1000212: HTTP Server sets environmental variable HTTP_PROXY based on user supplied Proxy request header (httpoxy)
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10