CVSSv3: 9.8

CVE-2019-11072

Published: 10/04/2019 Updated: 11/04/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector (CVSS v2): AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

lighttpd prior to 1.4.54 has a signed integer overflow, which might allow remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit."

Vulnerable Product

lighttpd lighttpd

Vendor Advisories

Debian Bug report logs - #926885 lighttpd: CVE-2019-11072. Package: src:lighttpd; Maintainer for src:lighttpd is Debian QA Group <packages@qa.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 11 Apr 2019 19:24:02 UTC; Severity: grave; Tags: security, upstream; Found in version lighttpd/1.4.53 ...
