2.6
CVSSv2

CVE-2013-4560

Published: 20/11/2013 Updated: 19/02/2021
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Summary

Use-after-free vulnerability in lighttpd prior to 1.4.33 allows remote malicious users to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

lighttpd lighttpd 1.4.3

lighttpd lighttpd 1.4.4

lighttpd lighttpd 1.4.5

lighttpd lighttpd 1.4.6

lighttpd lighttpd 1.4.7

lighttpd lighttpd 1.4.8

lighttpd lighttpd 1.4.9

lighttpd lighttpd 1.4.10

lighttpd lighttpd 1.4.11

lighttpd lighttpd 1.4.12

lighttpd lighttpd 1.4.13

lighttpd lighttpd 1.4.14

lighttpd lighttpd 1.4.15

lighttpd lighttpd 1.4.16

lighttpd lighttpd 1.4.17

lighttpd lighttpd 1.4.18

lighttpd lighttpd 1.4.19

lighttpd lighttpd 1.4.20

lighttpd lighttpd 1.4.21

lighttpd lighttpd 1.4.22

lighttpd lighttpd 1.4.23

lighttpd lighttpd 1.4.24

lighttpd lighttpd 1.4.25

lighttpd lighttpd 1.4.26

lighttpd lighttpd 1.4.27

lighttpd lighttpd 1.4.28

lighttpd lighttpd 1.4.29

lighttpd lighttpd 1.4.30

lighttpd lighttpd 1.4.31

lighttpd lighttpd

debian debian linux 6.0

debian debian linux 7.0

debian debian linux 7.1

Vendor Advisories

Debian Bug report logs - #729453 lighttpd: multiple security issues Package: lighttpd; Maintainer for lighttpd is Debian QA Group <packages@qadebianorg>; Source for lighttpd is src:lighttpd (PTS, buildd, popcon) Reported by: Michael Gilbert <mgilbert@debianorg> Date: Wed, 13 Nov 2013 04:15:01 UTC Severity: seriou ...
Several vulnerabilities have been discovered in the lighttpd web server It was discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd An upstream patch has now been applied that provides an appropriate identifier for client certificate verification CVE-2013-4508 It was discovered tha ...
Use-after-free vulnerability in lighttpd before 1433 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures lighttpd before 1434, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inse ...