Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-3642-1:B5BEE
HistoryAug 06, 2016 - 2:36 a.m.

[SECURITY] [DSA 3642-1] lighttpd security update

2016-08-0602:36:28
lists.debian.org
10
JSON

Debian Security Advisory DSA-3642-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
August 05, 2016 https://www.debian.org/security/faq

Package : lighttpd
CVE ID : CVE-2016-1000212
Debian Bug : 832571

Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior
in the lighttpd web server. Lighttpd assigned Proxy header values from
client requests to internal HTTP_PROXY environment variables, allowing
remote attackers to carry out Man in the Middle (MITM) attacks or
initiate connections to arbitrary hosts.

For the stable distribution (jessie), this problem has been fixed in
version 1.4.35-4+deb8u1.

We recommend that you upgrade your lighttpd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8alllighttpd< 1.4.35-4+deb8u1lighttpd_1.4.35-4+deb8u1_all.deb

Related

amazon 1
openvas 7
fedora 2
debian 2
nessus 5
cve 1
mageia 1
ibm 2
ubuntucve 1
osv 1
debiancve 1
amazon
amazon
Important: lighttpd
2016-09-15 19:00:00
openvas
openvas
Debian Security Advisory DSA 3642-1 (lighttpd - security update)
2016-08-05 00:00:00
Debian: Security Advisory (DLA-583-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-3642-1)
2016-08-04 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: lighttpd-1.4.41-1.fc23
2016-08-10 11:00:39
[SECURITY] Fedora 24 Update: lighttpd-1.4.41-1.fc24
2016-08-10 07:26:31
debian
debian
[SECURITY] [DSA 3642-1] lighttpd security update
2016-08-06 02:36:05
[SECURITY] [DLA 583-1] lighttpd security update
2016-08-03 06:05:54
nessus
nessus
Debian DSA-3642-1 : lighttpd - security update
2016-08-15 00:00:00
Amazon Linux AMI : lighttpd (ALAS-2016-746)
2016-09-16 00:00:00
Debian DLA-583-1 : lighttpd security update
2016-08-04 00:00:00
cve
cve
CVE-2016-1000212
2022-02-25 11:44:09
mageia
mageia
Updated lighttpd packages fix security vulnerability
2016-11-25 20:04:30
ibm
ibm
Security Bulletin: A vulnerability in lighttpd affects PowerKVM (CVE-2016-1000212)
2018-06-18 01:33:23
Security Bulletin: Vulnerabilities in cracklib, dhcp, expat, libgcrypt and lighttpd affect IBM Flex System Chassis Management Module (CMM)
2019-01-31 02:25:02
ubuntucve
ubuntucve
CVE-2016-1000212
2016-07-27 00:00:00
osv
osv
lighttpd - security update
2016-08-03 00:00:00
debiancve
debiancve
CVE-2016-1000212
2022-02-25 11:44:09
JSON
Related for DEBIAN:DSA-3642-1:B5BEE
amazon1openvas7fedora2debian2nessus5cve1mageia1ibm2ubuntucve1osv1debiancve1