mod_auth in lighttpd prior to 1.4.36 allows remote malicious users to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lighttpd lighttpd |
||
hp virtual customer access system |
||
oracle solaris 11.3 |