Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200812-04
HistoryDec 02, 2008 - 12:00 a.m.

lighttpd: Multiple vulnerabilities

2008-12-0200:00:00
Gentoo Foundation
security.gentoo.org
14

0.111 Low

EPSS

Percentile

95.2%

JSON

Background

lighttpd is a lightweight high-performance web server.

Description

Multiple vulnerabilities have been reported in lighttpd:

  • Qhy reported a memory leak in the http_request_parse() function in request.c (CVE-2008-4298).
  • Gaetan Bisson reported that URIs are not decoded before applying url.redirect and url.rewrite rules (CVE-2008-4359).
  • Anders1 reported that mod_userdir performs case-sensitive comparisons on filename components in configuration options, which is insufficient when case-insensitive filesystems are used (CVE-2008-4360).

Impact

A remote attacker could exploit these vulnerabilities to cause a Denial of Service, to bypass intended access restrictions, to obtain sensitive information, or to possibly modify data.

Workaround

There is no known workaround at this time.

Resolution

All lighttpd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.20"
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-servers/lighttpd< 1.4.20UNKNOWN

Related

nessus 9
securityvulns 2
fedora 1
debian 1
openvas 8
osv 1
freebsd 1
ibm 1
prion 3
cvelist 3
seebug 2
debiancve 3
ubuntucve 3
cve 3
nessus
nessus
openSUSE Security Update : lighttpd (lighttpd-309)
2009-07-21 00:00:00
GLSA-200812-04 : lighttpd: Multiple vulnerabilities
2008-12-03 00:00:00
openSUSE 10 Security Update : lighttpd (lighttpd-5785)
2008-11-18 00:00:00
securityvulns
securityvulns
lighthttpd multiple security vulnerabilities
2008-10-06 00:00:00
[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems
2008-10-06 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: lighttpd-1.4.20-6.fc9
2009-02-12 20:37:45
debian
debian
[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems
2008-10-06 17:29:51
openvas
openvas
Fedora Core 9 FEDORA-2008-11923 (lighttpd)
2009-02-13 00:00:00
FreeBSD Ports: lighttpd
2008-10-03 00:00:00
Gentoo Security Advisory GLSA 200812-04 (lighttpd)
2008-12-03 00:00:00
osv
osv
lighttpd - various problems
2008-10-06 00:00:00
freebsd
freebsd
lighttpd -- multiple vulnerabilities
2008-09-26 00:00:00
ibm
ibm
Security Bulletin: IBM System x Integrated Management Module (IMM) Lighttpd W (CVE-2011-4362, CVE-2010-0295, CVE-2008-4360, CVE-2008-4359, CVE-20084298, CVE-2008-1531)
2019-01-30 08:20:01
prion
prion
Memory corruption
2008-09-27 10:30:00
Default configuration
2008-10-03 17:41:00
Code injection
2008-10-03 17:41:00
cvelist
cvelist
CVE-2008-4360
2008-10-03 17:18:00
CVE-2008-4359
2008-10-03 17:18:00
CVE-2008-4298
2008-09-27 00:00:00
seebug
seebug
Lighttpd URI重写/重定向信息泄露漏洞
2008-10-08 00:00:00
Lighttpd 'mod_userdir'大小写区分对比安全绕过漏洞
2008-10-08 00:00:00
debiancve
debiancve
CVE-2008-4359
2008-10-03 17:41:40
CVE-2008-4360
2008-10-03 17:41:40
CVE-2008-4298
2008-09-27 10:30:03
ubuntucve
ubuntucve
CVE-2008-4298
2008-09-27 00:00:00
CVE-2008-4359
2008-10-03 00:00:00
CVE-2008-4360
2008-10-03 00:00:00
cve
cve
CVE-2008-4359
2008-10-03 17:41:40
CVE-2008-4360
2008-10-03 17:41:40
CVE-2008-4298
2008-09-27 10:30:03

0.111 Low

EPSS

Percentile

95.2%

JSON
Related for GLSA-200812-04
nessus9securityvulns2fedora1debian1openvas8osv1freebsd1ibm1prion3cvelist3seebug2debiancve3ubuntucve3cve3