Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd lighttpd vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2007-4727
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd prior to 1.4.18 allows remote malicious users to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as de...
Lighttpd Lighttpd
570
VMScore
CVE-2007-3946
mod_auth (http_auth.c) in lighttpd prior to 1.4.16 allows remote malicious users to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the A...
Lighttpd Lighttpd
585
VMScore
CVE-2007-3947
request.c in lighttpd 1.4.15 allows remote malicious users to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.
Lighttpd Lighttpd
1 EDB exploit
383
VMScore
CVE-2007-3948
connections.c in lighttpd prior to 1.4.16 might accept more connections than the configured maximum, which allows remote malicious users to cause a denial of service (failed assertion) via a large number of connection attempts.
Lighttpd Lighttpd
739
VMScore
CVE-2007-3949
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote malicious users to bypass url.access-deny settings.
Lighttpd Lighttpd
383
VMScore
CVE-2007-3950
lighttpd 1.4.15, when run on 32 bit platforms, allows remote malicious users to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_web...
Lighttpd Lighttpd
668
VMScore
CVE-2019-11072
lighttpd prior to 1.4.54 has a signed integer overflow, which might allow remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_...
Lighttpd Lighttpd
2 Github repositories
505
VMScore
CVE-2008-1270
mod_userdir in lighttpd 1.4.18 and previous versions, when userdir.path is not set, uses a default of $HOME, which might allow remote malicious users to read arbitrary files, as demonstrated by accessing the ~nobody directory.
Lighttpd Lighttpd
1 EDB exploit
445
VMScore
CVE-2005-0453
The buffer_urldecode function in Lighttpd 1.3.7 and previous versions does not properly handle control characters, which allows remote malicious users to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension.
Lighttpd Lighttpd 1.3.7
445
VMScore
CVE-2008-1111
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote malicious users to obtain sensitive information.
Lighttpd Lighttpd 1.4.18
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »