Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd lighttpd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0983
lighttpd 1.4.18, and possibly other versions prior to 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote malicious users to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Lighttpd Lighttpd 1.4.16
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.11
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.14
Lighttpd Lighttpd 1.4.15
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.4.9
NA
CVE-2007-4727
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd prior to 1.4.18 allows remote malicious users to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as de...
Lighttpd Lighttpd
NA
CVE-2007-3946
mod_auth (http_auth.c) in lighttpd prior to 1.4.16 allows remote malicious users to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the A...
Lighttpd Lighttpd
NA
CVE-2007-3947
request.c in lighttpd 1.4.15 allows remote malicious users to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.
Lighttpd Lighttpd
1 EDB exploit
NA
CVE-2007-3948
connections.c in lighttpd prior to 1.4.16 might accept more connections than the configured maximum, which allows remote malicious users to cause a denial of service (failed assertion) via a large number of connection attempts.
Lighttpd Lighttpd
NA
CVE-2007-3949
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote malicious users to bypass url.access-deny settings.
Lighttpd Lighttpd
NA
CVE-2007-3950
lighttpd 1.4.15, when run on 32 bit platforms, allows remote malicious users to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_web...
Lighttpd Lighttpd
NA
CVE-2007-1869
lighttpd 1.4.12 and 1.4.13 allows remote malicious users to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.12
NA
CVE-2007-1870
lighttpd prior to 1.4.14 allows malicious users to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.
Lighttpd Lighttpd 1.3.14
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.3.16
Lighttpd Lighttpd 1.3.8
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.13
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.7
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.2
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.3.10
Lighttpd Lighttpd 1.3.11
Lighttpd Lighttpd 1.3.4
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.8
NA
CVE-2006-0814
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote malicious users to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP...
Lighttpd Lighttpd 1.1.0
Lighttpd Lighttpd 1.1.1
Lighttpd Lighttpd 1.1.9
Lighttpd Lighttpd 1.2.0
Lighttpd Lighttpd 1.2.7
Lighttpd Lighttpd 1.2.8
Lighttpd Lighttpd 1.3.14
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.3.8
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.4.5
Lighttpd Lighttpd 1.4.6
Lighttpd Lighttpd 1.1.2
Lighttpd Lighttpd 1.1.3
Lighttpd Lighttpd 1.2.1
Lighttpd Lighttpd 1.1.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.2.4
Lighttpd Lighttpd 1.3.10
Lighttpd Lighttpd 1.3.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »