Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lighttpd lighttpd 1.4.20 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-4359
lighttpd prior to 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote malicious users to bypass intended access restrictions, and obtain sensitive information or possibly modi...
Lighttpd Lighttpd
Debian Debian Linux 4.0
7.5
CVSSv2
CVE-2008-4360
mod_userdir in lighttpd prior to 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote malicious users to bypass intended access restrictions, as demons...
Lighttpd Lighttpd
Debian Debian Linux 4.0
5
CVSSv2
CVE-2010-0295
lighttpd prior to 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote malicious users to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.4.21
Lighttpd Lighttpd 1.2.5
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.2.2
Lighttpd Lighttpd 1.3.0
Lighttpd Lighttpd 1.0.3
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.4.24
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.1.1
Lighttpd Lighttpd 1.2.8
Lighttpd Lighttpd 1.3.13
1 EDB exploit
5
CVSSv2
CVE-2008-4298
Memory leak in the http_request_parse function in request.c in lighttpd prior to 1.4.20 allows remote malicious users to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.2.3
Lighttpd Lighttpd 1.2.5
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.3.6
Lighttpd Lighttpd 1.3.12
Lighttpd Lighttpd 1.3.15
Lighttpd Lighttpd 1.4.1
Lighttpd Lighttpd 1.2.2
Lighttpd Lighttpd 1.3.0
Lighttpd Lighttpd
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.1.6
Lighttpd Lighttpd 1.4.17
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.1.5
Lighttpd Lighttpd 1.3.9
Lighttpd Lighttpd 1.2.4
Lighttpd Lighttpd 1.3.5
Lighttpd Lighttpd 1.1.1
Lighttpd Lighttpd 1.2.8
Lighttpd Lighttpd 1.3.13
1.9
CVSSv2
CVE-2013-1427
The configuration file for the FastCGI PHP support for lighttpd prior to 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a diffe...
Lighttpd Lighttpd
Lighttpd Lighttpd 1.3.16
Lighttpd Lighttpd 1.4.3
Lighttpd Lighttpd 1.4.4
Lighttpd Lighttpd 1.4.5
Lighttpd Lighttpd 1.4.6
Lighttpd Lighttpd 1.4.7
Lighttpd Lighttpd 1.4.8
Lighttpd Lighttpd 1.4.9
Lighttpd Lighttpd 1.4.10
Lighttpd Lighttpd 1.4.11
Lighttpd Lighttpd 1.4.12
Lighttpd Lighttpd 1.4.13
Lighttpd Lighttpd 1.4.15
Lighttpd Lighttpd 1.4.16
Lighttpd Lighttpd 1.4.18
Lighttpd Lighttpd 1.4.19
Lighttpd Lighttpd 1.4.20
Lighttpd Lighttpd 1.4.21
Lighttpd Lighttpd 1.4.22
Lighttpd Lighttpd 1.4.23
Lighttpd Lighttpd 1.4.24
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started