Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2011-4362
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 prior to 1.4.30 and 1.5 before SVN revision 2806 allows remote malicious users to cause a denial of service (segmentation fault) via crafted base64 input ...
Lighttpd Lighttpd
Lighttpd Lighttpd 1.5.0
Debian Debian Linux 5.0
Debian Debian Linux 6.0
Debian Debian Linux 7.0
1 EDB exploit
NA
CVE-2022-41556
A resource leak in gw_backend.c in lighttpd 1.4.56 up to and including 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use o...
Lighttpd Lighttpd
Fedoraproject Fedora 35
7.5
CVSSv2
CVE-2008-4359
lighttpd prior to 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote malicious users to bypass intended access restrictions, and obtain sensitive information or possibly modi...
Lighttpd Lighttpd
Debian Debian Linux 4.0
7.5
CVSSv2
CVE-2008-4360
mod_userdir in lighttpd prior to 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote malicious users to bypass intended access restrictions, as demons...
Lighttpd Lighttpd
Debian Debian Linux 4.0
4.3
CVSSv2
CVE-2008-1531
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and previous versions, and 1.5.x prior to 1.5.0, allows remote malicious users to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download ha...
Lighttpd Lighttpd
Debian Debian Linux 4.0
NA
CVE-2022-37797
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external malicious user to cause denial of service c...
Lighttpd Lighttpd 1.4.65
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2022-22707
In lighttpd 1.4.46 up to and including 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-defaul...
Lighttpd Lighttpd
Debian Debian Linux 10.0
Debian Debian Linux 11.0
2 Github repositories
5
CVSSv2
CVE-2015-3200
mod_auth in lighttpd prior to 1.4.36 allows remote malicious users to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
Lighttpd Lighttpd
Hp Virtual Customer Access System
Oracle Solaris 11.3
4.3
CVSSv2
CVE-2013-4508
lighttpd prior to 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote malicious users to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
7.6
CVSSv2
CVE-2013-4559
lighttpd prior to 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote malicious users to gain privileges, as demonstrated by multiple calls to the clone fu...
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »