Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2013-4508

Published: 08/11/2013 Updated: 26/02/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Lighttpd

Vulnerability Summary

lighttpd prior to 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote malicious users to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

lighttpd lighttpd

debian debian linux 6.0

debian debian linux 7.0

debian debian linux 8.0

opensuse opensuse 12.2

opensuse opensuse 12.3

opensuse opensuse 13.1

Vendor Advisories

Debian CVElist Bug Report Logs: lighttpd: multiple security issues
Debian Bug report logs - #729453 lighttpd: multiple security issues Package: lighttpd; Maintainer for lighttpd is Debian QA Group <packages@qadebianorg>; Source for lighttpd is src:lighttpd (PTS, buildd, popcon) Reported by: Michael Gilbert <mgilbert@debianorg> Date: Wed, 13 Nov 2013 04:15:01 UTC Severity: seriou ...
Debian Security Advisories: DSA-2795-2 lighttpd -- several vulnerabilities
Several vulnerabilities have been discovered in the lighttpd web server It was discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd An upstream patch has now been applied that provides an appropriate identifier for client certificate verification CVE-2013-4508 It was discovered tha ...
Amazon Linux AMI: ALAS-2014-299
Use-after-free vulnerability in lighttpd before 1433 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures lighttpd before 1434, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inse ...

References

CWE-326http://openwall.com/lists/oss-security/2013/11/04/19http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txthttp://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff/http://redmine.lighttpd.net/issues/2525http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.htmlhttp://marc.info/?l=bugtraq&m=141576815022399&w=2https://www.debian.org/security/2013/dsa-2795http://jvn.jp/en/jp/JVN37417423/index.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729453https://nvd.nist.govhttps://www.debian.org/security/./dsa-2795
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook