Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd lighttpd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-3947
request.c in lighttpd 1.4.15 allows remote malicious users to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.
Lighttpd Lighttpd
1 EDB exploit
NA
CVE-2007-1869
lighttpd 1.4.12 and 1.4.13 allows remote malicious users to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.12
NA
CVE-2007-1870
lighttpd prior to 1.4.14 allows malicious users to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.
Lighttpd Lighttpd 1.3.14
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.3.16
Lighttpd Lighttpd 1.3.8
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.13
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.7
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.2
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.3.10
Lighttpd Lighttpd 1.3.11
Lighttpd Lighttpd 1.3.4
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.8
NA
CVE-2006-0814
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote malicious users to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP...
Lighttpd Lighttpd 1.1.0
Lighttpd Lighttpd 1.1.1
Lighttpd Lighttpd 1.1.9
Lighttpd Lighttpd 1.2.0
Lighttpd Lighttpd 1.2.7
Lighttpd Lighttpd 1.2.8
Lighttpd Lighttpd 1.3.14
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.3.8
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.4.5
Lighttpd Lighttpd 1.4.6
Lighttpd Lighttpd 1.1.2
Lighttpd Lighttpd 1.1.3
Lighttpd Lighttpd 1.2.1
Lighttpd Lighttpd 1.1.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.2.4
Lighttpd Lighttpd 1.3.10
Lighttpd Lighttpd 1.3.11
NA
CVE-2006-0760
LightTPD 1.4.8 and previous versions, when the web root is on a case-insensitive filesystem, allows remote malicious users to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the...
Lighttpd Lighttpd 1.1.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.2.4
Lighttpd Lighttpd 1.3.10
Lighttpd Lighttpd 1.3.11
Lighttpd Lighttpd 1.3.3
Lighttpd Lighttpd 1.3.4
Lighttpd Lighttpd 1.4.2
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.0.2
Lighttpd Lighttpd 1.0.3
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.1.7
Lighttpd Lighttpd 1.2.5
Lighttpd Lighttpd 1.2.6
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.13
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.4.5
NA
CVE-2005-0453
The buffer_urldecode function in Lighttpd 1.3.7 and previous versions does not properly handle control characters, which allows remote malicious users to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension.
Lighttpd Lighttpd 1.3.7
NA
CVE-2016-100021
lighttpd: CVE-2016-1000212: HTTP Server sets environmental variable HTTP_PROXY based on user supplied Proxy request header (httpoxy)
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10