CVE-2014-2324

Published: 14/03/2014 Updated: 24/02/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd prior to 1.4.35 allow remote malicious users to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

Vulnerable Product

lighttpd lighttpd

debian debian linux 6.0

debian debian linux 7.0

debian debian linux 8.0

opensuse opensuse 11.4

opensuse opensuse 12.3

opensuse opensuse 13.1

suse linux enterprise high availability extension 11

suse linux enterprise software development kit 11

contec sv-cpt-mc310_firmware

Vendor Advisories

Debian Bug report logs - #741493 lighttpd: SA_2014_01. Package: src:lighttpd; Maintainer for src:lighttpd is Debian QA Group <packages@qa.debian.org>; Reported by: Michael Gilbert <mgilbert@debian.org>; Date: Thu, 13 Mar 2014 00:39:02 UTC; Severity: serious; Found in version lighttpd/1.4.28-2; Fixed in versions lighttpd ...
Several vulnerabilities were discovered in the lighttpd web server. CVE-2014-2323: Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module (mod_mysql_vhost). This only affects installations with the lighttpd-mod-mysql-vhost bi ...
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitra ...

Github Repositories

CVE-2014-2323 exploit demonstration

Title: Ep4 - Related Vulnerability (Networks). Members: Ciro S Costa, Marcela Terakado. Date: 10 Nov, 2015. Related vulnerability: CVE-2014-2323 [1] was assigned to SQL injection bug; CVE-2014-2324 [2] was assigned to the path traversal bug. Confirm: download.lighttpd.net/lighttpd/s

Simple uc httpd exploit made with py3. This exploit was written from CVE-2014-2324

uc httpd exploit lighthttpd. Simple uc httpd exploit made with py3; this exploit was written from CVE-2014-2324. Description: Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. en.wikipedia.or