Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-4362
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 prior to 1.4.30 and 1.5 before SVN revision 2806 allows remote malicious users to cause a denial of service (segmentation fault) via crafted base64 input ...
Lighttpd Lighttpd
Lighttpd Lighttpd 1.5.0
Debian Debian Linux 5.0
Debian Debian Linux 6.0
Debian Debian Linux 7.0
1 EDB exploit
7.5
CVSSv3
CVE-2022-41556
A resource leak in gw_backend.c in lighttpd 1.4.56 up to and including 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use o...
Lighttpd Lighttpd
Fedoraproject Fedora 35
NA
CVE-2008-1531
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and previous versions, and 1.5.x prior to 1.5.0, allows remote malicious users to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download ha...
Lighttpd Lighttpd
Debian Debian Linux 4.0
NA
CVE-2008-4359
lighttpd prior to 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote malicious users to bypass intended access restrictions, and obtain sensitive information or possibly modi...
Lighttpd Lighttpd
Debian Debian Linux 4.0
NA
CVE-2008-4360
mod_userdir in lighttpd prior to 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote malicious users to bypass intended access restrictions, as demons...
Lighttpd Lighttpd
Debian Debian Linux 4.0
7.5
CVSSv3
CVE-2022-37797
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external malicious user to cause denial of service c...
Lighttpd Lighttpd 1.4.65
Debian Debian Linux 10.0
5.9
CVSSv3
CVE-2022-22707
In lighttpd 1.4.46 up to and including 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-defaul...
Lighttpd Lighttpd
Debian Debian Linux 10.0
Debian Debian Linux 11.0
2 Github repositories
7.5
CVSSv3
CVE-2015-3200
mod_auth in lighttpd prior to 1.4.36 allows remote malicious users to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
Lighttpd Lighttpd
Hp Virtual Customer Access System
Oracle Solaris 11.3
NA
CVE-2013-4559
lighttpd prior to 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote malicious users to gain privileges, as demonstrated by multiple calls to the clone fu...
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
NA
CVE-2013-4560
Use-after-free vulnerability in lighttpd prior to 1.4.33 allows remote malicious users to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »