Vulmon
lighttpd lighttpd vulnerabilities and exploits
7.5
CVSSv3
CVE-2022-41556
A resource leak in gw_backend.c in lighttpd 1.4.56 up to and including 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use o...
Lighttpd Lighttpd
Fedoraproject Fedora 35
7.5
CVSSv3
CVE-2022-37797
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external malicious user to cause denial of service c...
Lighttpd Lighttpd 1.4.65
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2022-30780
Lighttpd 1.4.56 up to and including 1.4.58 allows a remote malicious user to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.
Lighttpd Lighttpd 1.4.57
Lighttpd Lighttpd 1.4.58
Lighttpd Lighttpd 1.4.56
1 Github repository
7.5
CVSSv3
CVE-2021-29295
Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of service via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The DSP-W215 ...
Dlink Dsp-w215 Firmware 1.10
7.5
CVSSv3
CVE-2020-24573
BAB TECHNOLOGIE GmbH eibPort V3 before 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component.
Bab-technologie Eibport Firmware
7.5
CVSSv3
CVE-2019-5149
The WBM web application on firmwares before 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of ...
Wago Pfc200 Firmware 03.00.39(12)
Wago Pfc200 Firmware 03.01.07(13)
Wago Pfc100 Firmware 03.00.39(12)
Wago Pfc100 Firmware 03.01.07(13)
7.5
CVSSv3
CVE-2018-19052
An issue exists in mod_alias_physical_handler in mod_alias.c in lighttpd prior to 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, b...
Lighttpd Lighttpd
Suse Suse Linux Enterprise Server 11
Opensuse Leap 15.0
Suse Suse Linux Enterprise Server 12
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 9.0
3 Github repositories
7.5
CVSSv3
CVE-2015-3200
mod_auth in lighttpd prior to 1.4.36 allows remote malicious users to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
Lighttpd Lighttpd
Hp Virtual Customer Access System
Oracle Solaris 11.3
7.5
CVSSv3
CVE-2013-4508
lighttpd prior to 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote malicious users to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
Lighttpd Lighttpd
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Opensuse Opensuse 12.3
Opensuse Opensuse 12.2
Opensuse Opensuse 13.1
5.9
CVSSv3
CVE-2022-22707
In lighttpd 1.4.46 up to and including 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-defaul...
Lighttpd Lighttpd
Debian Debian Linux 10.0
Debian Debian Linux 11.0
2 Github repositories