lighttpd prior to 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote malicious users to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lighttpd lighttpd |
||
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
debian debian linux 6.0 |
||
opensuse opensuse 12.3 |
||
opensuse opensuse 12.2 |
||
opensuse opensuse 13.1 |