6.1 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
73.2%
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.