Vulmon
lighttpd lighttpd vulnerabilities and exploits
5
CVSSv2
CVE-2015-8279
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote malicious users to read arbitrary files via a request to an unspecified PHP script.
Samsung Web Viewer
2 Metasploit modules
1 Github repository
5
CVSSv2
CVE-2015-3200
mod_auth in lighttpd prior to 1.4.36 allows remote malicious users to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
Lighttpd Lighttpd
Hp Virtual Customer Access System
Oracle Solaris 11.3
5
CVSSv2
CVE-2014-8005
Race condition in the lighttpd module in Cisco IOS XR 5.1 and previous versions on Network Convergence System 6000 devices allows remote malicious users to cause a denial of service (process reload) by establishing many TCP sessions, aka Bug ID CSCuq45239.
Cisco Ios Xr
5
CVSSv2
CVE-2014-2469
Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows malicious users to cause a denial of service via unknown vectors.
Oracle Sunos 5.11.1
5
CVSSv2
CVE-2014-2324
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd prior to 1.4.35 allow remote malicious users to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
Lighttpd Lighttpd
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Opensuse Opensuse 12.3
Suse Linux Enterprise Software Development Kit 11
Opensuse Opensuse 11.4
Opensuse Opensuse 13.1
Suse Linux Enterprise High Availability Extension 11
Contec Sv-cpt-mc310 Firmware
2 Github repositories
5
CVSSv2
CVE-2013-4560
Use-after-free vulnerability in lighttpd prior to 1.4.33 allows remote malicious users to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
Lighttpd Lighttpd
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Opensuse Opensuse 12.3
Opensuse Opensuse 12.2
Opensuse Opensuse 13.1
5
CVSSv2
CVE-2012-5533
The http_request_split_value function in request.c in lighttpd prior to 1.4.32 allows remote malicious users to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header...
Lighttpd Lighttpd 1.4.32
Lighttpd Lighttpd 1.4.31
1 EDB exploit
5
CVSSv2
CVE-2011-4362
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 prior to 1.4.30 and 1.5 before SVN revision 2806 allows remote malicious users to cause a denial of service (segmentation fault) via crafted base64 input ...
Lighttpd Lighttpd 1.5.0
Lighttpd Lighttpd
Debian Debian Linux 5.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
1 EDB exploit
5
CVSSv2
CVE-2010-0295
lighttpd prior to 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote malicious users to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.4.21
Lighttpd Lighttpd 1.2.5
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.2.2
Lighttpd Lighttpd 1.3.0
Lighttpd Lighttpd 1.0.3
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.4.24
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.1.1
Lighttpd Lighttpd 1.2.8
Lighttpd Lighttpd 1.3.13
1 EDB exploit
5
CVSSv2
CVE-2008-4298
Memory leak in the http_request_parse function in request.c in lighttpd prior to 1.4.20 allows remote malicious users to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.2.5
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.4.1
Lighttpd Lighttpd 1.2.2
Lighttpd Lighttpd 1.3.0
Lighttpd Lighttpd
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.2.4
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.1.1
Lighttpd Lighttpd 1.2.8
Lighttpd Lighttpd 1.3.13