lighttpd lighttpd vulnerabilities and exploits
5
CVSSv2
CVE-2008-1270
mod_userdir in lighttpd 1.4.18 and previous versions, when userdir.path is not set, uses a default of $HOME, which might allow remote malicious users to read arbitrary files, as demonstrated by accessing the ~nobody directory.
Lighttpd Lighttpd
1 EDB exploit
5
CVSSv2
CVE-2008-1111
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote malicious users to obtain sensitive information.
Lighttpd Lighttpd 1.4.18
5
CVSSv2
CVE-2008-0983
lighttpd 1.4.18, and possibly other versions prior to 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote malicious users to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Lighttpd Lighttpd 1.4.16
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.11
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.14
Lighttpd Lighttpd 1.4.15
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.4.9
5
CVSSv2
CVE-2007-1869
lighttpd 1.4.12 and 1.4.13 allows remote malicious users to cause a denial of service (CPU and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.12
5
CVSSv2
CVE-2006-0814
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote malicious users to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP...
Lighttpd Lighttpd 1.1.0
Lighttpd Lighttpd 1.1.1
Lighttpd Lighttpd 1.1.9
Lighttpd Lighttpd 1.2.0
Lighttpd Lighttpd 1.2.7
Lighttpd Lighttpd 1.2.8
Lighttpd Lighttpd 1.3.14
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.3.8
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.4.5
Lighttpd Lighttpd 1.4.6
Lighttpd Lighttpd 1.1.2
Lighttpd Lighttpd 1.1.3
Lighttpd Lighttpd 1.2.1
Lighttpd Lighttpd 1.1.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.2.4
Lighttpd Lighttpd 1.3.10
Lighttpd Lighttpd 1.3.11
5
CVSSv2
CVE-2005-0453
The buffer_urldecode function in Lighttpd 1.3.7 and previous versions does not properly handle control characters, which allows remote malicious users to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension.
Lighttpd Lighttpd 1.3.7
4.3
CVSSv2
CVE-2022-22707
In lighttpd 1.4.46 up to and including 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-defaul...
Lighttpd Lighttpd
Debian Debian Linux 10.0
Debian Debian Linux 11.0
2 Github repositories
4.3
CVSSv2
CVE-2013-3619
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain hardcoded private encryption keys for the (1) Lighttpd web server SSL interfa...
Supermicro Smt X9 Firmware
Supermicro Smt X8 Firmware
Citrix Netscaler Sdx Firmware 10
Citrix Netscaler Firmware -
Citrix Netscaler Sd-wan Firmware -
4.3
CVSSv2
CVE-2014-2334
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer prior to 5.0.7 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
Fortinet Fortianalyzer Firmware
4.3
CVSSv2
CVE-2013-4508
lighttpd prior to 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote malicious users to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
Lighttpd Lighttpd
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1