Debian DSA-5243-1 : lighttpd - security update

2022-09-29T00:00:00

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5243 advisory. - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67. (CVE-2022-41556) - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

{"id": "DEBIAN_DSA-5243.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-5243-1 : lighttpd - security update", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5243 advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-09-29T00:00:00", "modified": "2023-03-21T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/165548", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://security-tracker.debian.org/tracker/CVE-2022-37797", "https://security-tracker.debian.org/tracker/CVE-2022-41556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37797", "https://security-tracker.debian.org/tracker/source-package/lighttpd", "https://www.debian.org/security/2022/dsa-5243", "https://packages.debian.org/source/bullseye/lighttpd"], "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "immutableFields": [], "lastseen": "2023-05-17T16:35:06", "viewCount": 7, "enchantments": {"score": {"value": 7.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2022-41556"]}, {"type": "amazon", "idList": ["ALAS-2023-1705"]}, {"type": "cve", "idList": ["CVE-2022-37797", "CVE-2022-41556"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3133-1:056A2", "DEBIAN:DSA-5243-1:A6710"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-37797", "DEBIANCVE:CVE-2022-41556"]}, {"type": "fedora", "idList": ["FEDORA:0076E306E5CF"]}, {"type": "gentoo", "idList": ["GLSA-202210-12"]}, {"type": "mageia", "idList": ["MGASA-2022-0369"]}, {"type": "nessus", "idList": ["ALA_ALAS-2023-1705.NASL", "DEBIAN_DLA-3133.NASL", "FEDORA_2022-C26B19568D.NASL", "GENTOO_GLSA-202210-12.NASL", "OPENSUSE-2022-10132-1.NASL", "SOLARIS_JAN2023_SRU11_4_53_132_2.NASL", "UBUNTU_USN-5903-1.NASL"]}, {"type": "osv", "idList": ["OSV:CVE-2022-41556", "OSV:DLA-3133-1", "OSV:DSA-5243-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:10132-1", "OPENSUSE-SU-2022:10140-1"]}, {"type": "ubuntu", "idList": ["USN-5903-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-37797", "UB:CVE-2022-41556"]}, {"type": "veracode", "idList": ["VERACODE:37103", "VERACODE:37510"]}]}, "epss": [{"cve": "CVE-2022-37797", "epss": 0.0016, "percentile": 0.51149, "modified": "2023-05-02"}, {"cve": "CVE-2022-41556", "epss": 0.00165, "percentile": 0.5174, "modified": "2023-05-02"}], "vulnersScore": 7.8}, "_state": {"score": 1684341429, "dependencies": 1684372553, "epss": 0}, "_internal": {"score_hash": "cc00f430387b4ebc36c2ebbf057d75d5"}, "pluginID": "165548", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5243. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165548);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-37797\", \"CVE-2022-41556\");\n\n script_name(english:\"Debian DSA-5243-1 : lighttpd - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5243 advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/lighttpd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-37797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-41556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/lighttpd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the lighttpd packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 1.4.59-1+deb11u2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-maxminddb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-mbedtls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-wolfssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'lighttpd', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-doc', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-gssapi', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-pam', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-sasl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-cml', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-deflate', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-geoip', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-magnet', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-maxminddb', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-mbedtls', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-nss', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-openssl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-trigger-b4-dl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-vhostdb-dbi', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-vhostdb-pgsql', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-webdav', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-wolfssl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-dbi', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-ldap', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-lua', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-mysql', 'reference': '1.4.59-1+deb11u2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd / lighttpd-doc / lighttpd-mod-authn-gssapi / etc');\n}\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:lighttpd", "p-cpe:/a:debian:debian_linux:lighttpd-doc", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-cml", "p-cpe:/a:debian:debian_linux:lighttpd-mod-deflate", "p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip", "p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet", "p-cpe:/a:debian:debian_linux:lighttpd-mod-maxminddb", "p-cpe:/a:debian:debian_linux:lighttpd-mod-mbedtls", "p-cpe:/a:debian:debian_linux:lighttpd-mod-nss", "p-cpe:/a:debian:debian_linux:lighttpd-mod-openssl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql", "p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav", "p-cpe:/a:debian:debian_linux:lighttpd-mod-wolfssl", "p-cpe:/a:debian:debian_linux:lighttpd-modules-dbi", "p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap", "p-cpe:/a:debian:debian_linux:lighttpd-modules-lua", "p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql", "cpe:/o:debian:debian_linux:11.0"], "solution": "Upgrade the lighttpd packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 1.4.59-1+deb11u2.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2022-41556", "vendor_cvss2": {"score": 7.8, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "vendor_cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "vpr": {"risk factor": "Medium", "score": "4.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2022-09-28T00:00:00", "vulnerabilityPublicationDate": "2022-09-12T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-05-17T16:36:51", "description": "The remote host is affected by the vulnerability described in GLSA-202210-12 (Lighttpd: Denial of Service)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-31T00:00:00", "type": "nessus", "title": "GLSA-202210-12 : Lighttpd: Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-10-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:lighttpd", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202210-12.NASL", "href": "https://www.tenable.com/plugins/nessus/166723", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202210-12.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166723);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/31\");\n\n script_cve_id(\"CVE-2022-37797\", \"CVE-2022-41556\");\n\n script_name(english:\"GLSA-202210-12 : Lighttpd: Denial of Service\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202210-12 (Lighttpd: Denial of Service)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202210-12\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=869890\");\n script_set_attribute(attribute:\"solution\", value:\n\"All lighttpd users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-servers/lighttpd-1.4.67\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude('qpkg.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');\nif (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : 'www-servers/lighttpd',\n 'unaffected' : make_list(\"ge 1.4.67\", \"lt 1.0.0\"),\n 'vulnerable' : make_list(\"lt 1.4.67\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Lighttpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:56", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10132-1 advisory.\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-30T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : lighttpd (openSUSE-SU-2022:10132-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-37797"], "modified": "2022-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-mod_authn_gssapi", "p-cpe:/a:novell:opensuse:lighttpd-mod_authn_ldap", "p-cpe:/a:novell:opensuse:lighttpd-mod_authn_pam", "p-cpe:/a:novell:opensuse:lighttpd-mod_authn_sasl", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "p-cpe:/a:novell:opensuse:lighttpd-mod_maxminddb", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_dbi", "p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_ldap", "p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_mysql", "p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_pgsql", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10132-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165586", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10132-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165586);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/02\");\n\n script_cve_id(\"CVE-2022-37797\");\n\n script_name(english:\"openSUSE 15 Security Update : lighttpd (openSUSE-SU-2022:10132-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2022:10132-1 advisory.\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203358\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ATUOJQDWIRALBMVI5GOSOGPZP5AWVAZF/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5a69d85a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-37797\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-37797\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_authn_gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_authn_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_authn_pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_authn_sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_maxminddb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'lighttpd-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_gssapi-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_ldap-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_pam-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_sasl-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_magnet-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_maxminddb-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_rrdtool-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_vhostdb_dbi-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_vhostdb_ldap-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_vhostdb_mysql-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_vhostdb_pgsql-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_webdav-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd / lighttpd-mod_authn_gssapi / lighttpd-mod_authn_ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:57", "description": "The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3133 advisory.\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-05T00:00:00", "type": "nessus", "title": "Debian DLA-3133-1 : lighttpd - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-37797"], "modified": "2022-12-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:lighttpd", "p-cpe:/a:debian:debian_linux:lighttpd-doc", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-ldap", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-mysql", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-cml", "p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip", "p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql", "p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet", "p-cpe:/a:debian:debian_linux:lighttpd-mod-mysql-vhost", "cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql", "p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav", "p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap"], "id": "DEBIAN_DLA-3133.NASL", "href": "https://www.tenable.com/plugins/nessus/165654", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3133. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165654);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/02\");\n\n script_cve_id(\"CVE-2022-37797\");\n\n script_name(english:\"Debian DLA-3133-1 : lighttpd - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3133\nadvisory.\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/lighttpd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-3133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-37797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/lighttpd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the lighttpd packages.\n\nFor Debian 10 buster, this problem has been fixed in version 1.4.53-4+deb10u3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-37797\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-mysql-vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'lighttpd', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-doc', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-gssapi', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-ldap', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-mysql', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-pam', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-sasl', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-cml', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-geoip', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-magnet', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-mysql-vhost', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-trigger-b4-dl', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-vhostdb-dbi', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-vhostdb-pgsql', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-webdav', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-modules-ldap', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-modules-mysql', 'reference': '1.4.53-4+deb10u3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd / lighttpd-doc / lighttpd-mod-authn-gssapi / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:45:33", "description": "The version of lighttpd installed on the remote host is prior to 1.4.53-1.37. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1705 advisory.\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-22T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : lighttpd (ALAS-2023-1705)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-37797"], "modified": "2023-04-20T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:lighttpd", "p-cpe:/a:amazon:linux:lighttpd-debuginfo", "p-cpe:/a:amazon:linux:lighttpd-fastcgi", "p-cpe:/a:amazon:linux:lighttpd-mod_authn_gssapi", "p-cpe:/a:amazon:linux:lighttpd-mod_authn_mysql", "p-cpe:/a:amazon:linux:lighttpd-mod_authn_pam", "p-cpe:/a:amazon:linux:lighttpd-mod_geoip", "p-cpe:/a:amazon:linux:lighttpd-mod_mysql_vhost", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2023-1705.NASL", "href": "https://www.tenable.com/plugins/nessus/173282", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2023-1705.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173282);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\"CVE-2022-37797\");\n\n script_name(english:\"Amazon Linux AMI : lighttpd (ALAS-2023-1705)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of lighttpd installed on the remote host is prior to 1.4.53-1.37. It is, therefore, affected by a\nvulnerability as referenced in the ALAS-2023-1705 advisory.\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2023-1705.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-37797.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update lighttpd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-37797\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_authn_gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_authn_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_authn_pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'lighttpd-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-debuginfo-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-debuginfo-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-fastcgi-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-fastcgi-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_gssapi-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_gssapi-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_mysql-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_mysql-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_pam-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_pam-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_geoip-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_geoip-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_mysql_vhost-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_mysql_vhost-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-debuginfo / lighttpd-fastcgi / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:39:58", "description": "The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-c26b19568d advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-23T00:00:00", "type": "nessus", "title": "Fedora 35 : lighttpd (2022-c26b19568d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:35", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "id": "FEDORA_2022-C26B19568D.NASL", "href": "https://www.tenable.com/plugins/nessus/169260", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-c26b19568d\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169260);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/23\");\n\n script_cve_id(\"CVE-2022-41556\");\n script_xref(name:\"FEDORA\", value:\"2022-c26b19568d\");\n\n script_name(english:\"Fedora 35 : lighttpd (2022-c26b19568d)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the\nFEDORA-2022-c26b19568d advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-c26b19568d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected lighttpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^35([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 35', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'lighttpd-1.4.67-1.fc35', 'release':'FC35', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:43:59", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5903-1 advisory.\n\n - In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. (CVE-2022-22707)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-01T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : lighttpd vulnerabilities (USN-5903-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22707", "CVE-2022-41556"], "modified": "2023-03-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.10", "p-cpe:/a:canonical:ubuntu_linux:lighttpd", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-dev", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-gssapi", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-pam", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-sasl", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-cml", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-deflate", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-geoip", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-gnutls", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-magnet", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-maxminddb", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-mbedtls", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-nss", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-openssl", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-trigger-b4-dl", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-vhostdb-dbi", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-vhostdb-pgsql", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-webdav", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-wolfssl", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-dbi", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-ldap", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-lua", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-mysql"], "id": "UBUNTU_USN-5903-1.NASL", "href": "https://www.tenable.com/plugins/nessus/172024", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5903-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172024);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/01\");\n\n script_cve_id(\"CVE-2022-22707\", \"CVE-2022-41556\");\n script_xref(name:\"USN\", value:\"5903-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : lighttpd vulnerabilities (USN-5903-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5903-1 advisory.\n\n - In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has\n a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service\n (daemon crash) in a non-default configuration. The non-default configuration requires handling of the\n Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected\n than a 64-bit system. (CVE-2022-22707)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5903-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22707\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-maxminddb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-mbedtls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-trigger-b4-dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-vhostdb-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-vhostdb-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-wolfssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-mysql\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(20\\.04|22\\.04|22\\.10)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04 / 22.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'lighttpd', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-dev', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-authn-gssapi', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-authn-pam', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-authn-sasl', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-cml', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-geoip', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-magnet', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-maxminddb', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-trigger-b4-dl', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-vhostdb-dbi', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-vhostdb-pgsql', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-webdav', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-modules-ldap', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-modules-mysql', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '22.04', 'pkgname': 'lighttpd', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-authn-gssapi', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-authn-pam', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-authn-sasl', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-deflate', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-geoip', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-maxminddb', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-mbedtls', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-nss', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-openssl', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-trigger-b4-dl', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-vhostdb-pgsql', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-webdav', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-wolfssl', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-modules-dbi', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-modules-ldap', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-modules-lua', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-modules-mysql', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-authn-gssapi', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-authn-pam', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-authn-sasl', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-deflate', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-gnutls', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-maxminddb', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-mbedtls', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-nss', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-openssl', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-vhostdb-pgsql', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-webdav', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-wolfssl', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-modules-dbi', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-modules-ldap', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-modules-lua', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-modules-mysql', 'pkgver': '1.4.65-2ubuntu1.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd / lighttpd-dev / lighttpd-mod-authn-gssapi / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:42:09", "description": "This Solaris system is missing necessary patches to address critical security updates :\n\n - Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (glibc)). Supported versions that are affected are 8.4, 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H).\n (CVE-2022-23219)\n\n - Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (glibc)). The supported version that is affected is 22.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\n (CVE-2022-23218)\n\n - Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component:\n Policy (GNU Libtasn1)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy.\n Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).\n (CVE-2021-46848)\n\n - Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component:\n DC-Specific Component (LibExpat)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-43680)\n\n - Vulnerability in the Oracle Database OML4PY (Python) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Database OML4PY (Python).\n Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database OML4PY (Python). CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).\n (CVE-2022-45061)\n\n - Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 4.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L).\n (CVE-2023-21900)", "cvss3": {}, "published": "2023-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Critical Patch Update : jan2023_SRU11_4_53_132_2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46848", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-3204", "CVE-2022-3276", "CVE-2022-37797", "CVE-2022-39253", "CVE-2022-39260", "CVE-2022-3970", "CVE-2022-41556", "CVE-2022-43680", "CVE-2022-44638", "CVE-2022-45061", "CVE-2022-45063", "CVE-2022-46872", "CVE-2022-46874", "CVE-2022-46875", "CVE-2022-46878", "CVE-2022-46880", "CVE-2022-46881", "CVE-2022-46882", "CVE-2023-21900"], "modified": "2023-04-20T00:00:00", "cpe": ["cpe:/o:oracle:solaris"], "id": "SOLARIS_JAN2023_SRU11_4_53_132_2.NASL", "href": "https://www.tenable.com/plugins/nessus/170171", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle CPU for jan2023.\n#\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(170171);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\"CVE-2021-46848\", \"CVE-2022-23218\", \"CVE-2022-23219\", \"CVE-2022-3204\", \"CVE-2022-3276\", \"CVE-2022-37797\", \"CVE-2022-39253\", \"CVE-2022-39260\", \"CVE-2022-3970\", \"CVE-2022-41556\", \"CVE-2022-43680\", \"CVE-2022-44638\", \"CVE-2022-45061\", \"CVE-2022-45063\", \"CVE-2022-46872\", \"CVE-2022-46874\", \"CVE-2022-46875\", \"CVE-2022-46878\", \"CVE-2022-46880\", \"CVE-2022-46881\", \"CVE-2022-46882\", \"CVE-2023-21900\");\n script_xref(name:\"IAVA\", value:\"2023-A-0046\");\n\n script_name(english:\"Oracle Solaris Critical Patch Update : jan2023_SRU11_4_53_132_2\");\n script_summary(english:\"Check for the jan2023 CPU\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Solaris system is missing a security patch from CPU\njan2023.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This Solaris system is missing necessary patches to address critical\nsecurity updates :\n\n - Vulnerability in the Oracle Communications Session\n Border Controller product of Oracle Communications\n (component: Routing (glibc)). Supported versions that\n are affected are 8.4, 9.0 and 9.1. Difficult to exploit\n vulnerability allows unauthenticated attacker with\n network access via HTTP to compromise Oracle\n Communications Session Border Controller. Successful\n attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash\n (complete DOS) of Oracle Communications Session Border\n Controller as well as unauthorized update, insert or\n delete access to some of Oracle Communications Session\n Border Controller accessible data and unauthorized read\n access to a subset of Oracle Communications Session\n Border Controller accessible data. CVSS 3.1 Base Score\n 7.0 (Confidentiality, Integrity and Availability\n impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H).\n (CVE-2022-23219)\n\n - Vulnerability in the Oracle Communications Cloud Native\n Core Unified Data Repository product of Oracle\n Communications (component: Signaling (glibc)). The\n supported version that is affected is 22.1.1. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via HTTP to compromise\n Oracle Communications Cloud Native Core Unified Data\n Repository. Successful attacks of this vulnerability can\n result in takeover of Oracle Communications Cloud Native\n Core Unified Data Repository. CVSS 3.1 Base Score 9.8\n (Confidentiality, Integrity and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\n (CVE-2022-23218)\n\n - Vulnerability in the Oracle Communications Cloud Native\n Core Policy product of Oracle Communications (component:\n Policy (GNU Libtasn1)). Supported versions that are\n affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via HTTPS to compromise\n Oracle Communications Cloud Native Core Policy.\n Successful attacks of this vulnerability can result in\n unauthorized access to critical data or complete access\n to all Oracle Communications Cloud Native Core Policy\n accessible data and unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of Oracle\n Communications Cloud Native Core Policy. CVSS 3.1 Base\n Score 9.1 (Confidentiality and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).\n (CVE-2021-46848)\n\n - Vulnerability in the Oracle Outside In Technology\n product of Oracle Fusion Middleware (component:\n DC-Specific Component (LibExpat)). The supported version\n that is affected is 8.5.6. Easily exploitable\n vulnerability allows unauthenticated attacker with\n network access via HTTP to compromise Oracle Outside In\n Technology. Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of Oracle\n Outside In Technology. CVSS 3.1 Base Score 7.5\n (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-43680)\n\n - Vulnerability in the Oracle Database OML4PY (Python)\n component of Oracle Database Server. The supported\n version that is affected is 21c. Easily exploitable\n vulnerability allows low privileged attacker having\n Authenticated User privilege with network access via\n HTTP to compromise Oracle Database OML4PY (Python).\n Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Oracle Database OML4PY\n (Python). CVSS 3.1 Base Score 4.3 (Availability\n impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).\n (CVE-2022-45061)\n\n - Vulnerability in the Oracle Solaris product of Oracle\n Systems (component: NSSwitch). Supported versions that\n are affected are 10 and 11. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n Oracle Solaris. Successful attacks require human\n interaction from a person other than the attacker and\n while the vulnerability is in Oracle Solaris, attacks\n may significantly impact additional products (scope\n change). Successful attacks of this vulnerability can\n result in unauthorized update, insert or delete access\n to some of Oracle Solaris accessible data and\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Oracle Solaris. CVSS 3.1 Base\n Score 4.0 (Integrity and Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L).\n (CVE-2023-21900)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2920776.1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/docs/tech/security-alerts/cpujan2023cvrf.xml\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/security-alerts/cpujan2023.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Install the jan2023 CPU from the Oracle support website.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\n\n\nfix_release = \"11.4-11.4.53.0.1.132.2\";\n\nflag = 0;\n\nif (solaris_check_release(release:\"11.4-11.4.53.0.1.132.2\", sru:\"11.4.53.132.2\") > 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report2());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_OS_RELEASE_NOT, \"Solaris\", fix_release, release);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "gentoo": [{"lastseen": "2023-06-03T15:07:29", "description": "### Background\n\nLighttpd is a lightweight high-performance web server.\n\n### Description\n\nLighttpd's mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received.\n\n### Impact\n\nAn attacker can trigger a denial of service via making Lighttpd try to call an uninitialized function pointer.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll lighttpd users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/lighttpd-1.4.67\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-31T00:00:00", "type": "gentoo", "title": "Lighttpd: Denial of Service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-10-31T00:00:00", "id": "GLSA-202210-12", "href": "https://security.gentoo.org/glsa/202210-12", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2023-06-03T15:12:48", "description": "In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797) A resource leak in mod_fastcgi and mod_scgi could lead to a denial of service after a large number of bad HTTP requests. (CVE-2022-41556) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-13T20:05:19", "type": "mageia", "title": "Updated lighttpd packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-10-13T20:05:19", "id": "MGASA-2022-0369", "href": "https://advisories.mageia.org/MGASA-2022-0369.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2023-06-03T22:11:25", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5243-1 security@debian.org\nhttps://www.debian.org/security/ Helmut Grohne\nSeptember 28, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lighttpd\nCVE ID : CVE-2022-37797 CVE-2022-41556\n\nSeveral vulnerabilities were discovered in lighttpd, a fast webserver\nwith minimal memory footprint.\n\nCVE-2022-37797\n\n An invalid HTTP request (websocket handshake) may cause a NULL\n pointer dereference in the wstunnel module.\n\nCVE-2022-41556\n\n A resource leak in mod_fastcgi and mod_scgi could lead to a denial\n of service after a large number of bad HTTP requests.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.4.59-1+deb11u2.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFor the detailed security status of lighttpd please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/lighttpd\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-28T16:05:19", "type": "debian", "title": "[SECURITY] [DSA 5243-1] lighttpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-09-28T16:05:19", "id": "DEBIAN:DSA-5243-1:A6710", "href": "https://lists.debian.org/debian-security-announce/2022/msg00212.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-02T19:40:19", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-3133-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Helmut Grohne\nOctober 03, 2022 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : lighttpd\nVersion : 1.4.53-4+deb10u3\nCVE ID : CVE-2022-37797\n\nAn invalid HTTP request (websocket handshake) may cause a NULL\npointer dereference in the wstunnel module.\n\nFor Debian 10 buster, this problem has been fixed in version\n1.4.53-4+deb10u3.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFor the detailed security status of lighttpd please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/lighttpd\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-03T07:47:47", "type": "debian", "title": "[SECURITY] [DLA 3133-1] lighttpd security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-37797"], "modified": "2022-10-03T07:47:47", "id": "DEBIAN:DLA-3133-1:056A2", "href": "https://lists.debian.org/debian-lts-announce/2022/10/msg00002.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-09-28T18:19:46", "description": "\nSeveral vulnerabilities were discovered in lighttpd, a fast webserver\nwith minimal memory footprint.\n\n\n* [CVE-2022-37797](https://security-tracker.debian.org/tracker/CVE-2022-37797)\nAn invalid HTTP request (websocket handshake) may cause a NULL\n pointer dereference in the wstunnel module.\n* [CVE-2022-41556](https://security-tracker.debian.org/tracker/CVE-2022-41556)\nA resource leak in mod\\_fastcgi and mod\\_scgi could lead to a denial\n of service after a large number of bad HTTP requests.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.4.59-1+deb11u2.\n\n\nWe recommend that you upgrade your lighttpd packages.\n\n\nFor the detailed security status of lighttpd please refer to its\nsecurity tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/lighttpd](https://security-tracker.debian.org/tracker/lighttpd)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2022-09-28T00:00:00", "type": "osv", "title": "lighttpd - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-09-28T18:19:35", "id": "OSV:DSA-5243-1", "href": "https://osv.dev/vulnerability/DSA-5243-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-03T21:11:07", "description": "\nAn invalid HTTP request (websocket handshake) may cause a `NULL`\npointer dereference in the wstunnel module.\n\n\nFor Debian 10 buster, this problem has been fixed in version\n1.4.53-4+deb10u3.\n\n\nWe recommend that you upgrade your lighttpd packages.\n\n\nFor the detailed security status of lighttpd please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/lighttpd>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2022-10-03T00:00:00", "type": "osv", "title": "lighttpd - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-37797"], "modified": "2022-10-03T21:11:04", "id": "OSV:DLA-3133-1", "href": "https://osv.dev/vulnerability/DLA-3133-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-03T07:20:14", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {}, "published": "2022-10-06T18:17:00", "type": "osv", "title": "CVE-2022-41556", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-03T07:20:12", "id": "OSV:CVE-2022-41556", "href": "https://osv.dev/vulnerability/CVE-2022-41556", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2022-09-29T16:05:23", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for lighttpd fixes the following issues:\n\n lighttpd was updated to 1.4.66:\n\n * a number of bug fixes\n * Fix HTTP/2 downloads >= 4GiB\n * Fix SIGUSR1 graceful restart with TLS\n * futher bug fixes\n * CVE-2022-37797: null pointer dereference in mod_wstunnel, possibly a\n remotely triggerable crash (boo#1203358)\n * In an upcoming release the TLS modules will default to using stronger,\n modern chiphers and will default to allow client preference in selecting\n ciphers. \ufffd\ufffd\ufffdCipherString\ufffd\ufffd\ufffd =>\n \ufffd\ufffd\ufffdEECDH+AESGCM:AES256+EECDH:CHACHA20:SHA256:!SHA384\ufffd\ufffd\ufffd, \ufffd\ufffd\ufffdOptions\ufffd\ufffd\ufffd\n => \ufffd\ufffd\ufffd-ServerPreference\ufffd\ufffd\ufffd\n old defaults: \ufffd\ufffd\ufffdCipherString\ufffd\ufffd\ufffd => \ufffd\ufffd\ufffdHIGH\ufffd\ufffd\ufffd, \ufffd\ufffd\ufffdOptions\ufffd\ufffd\ufffd =>\n \ufffd\ufffd\ufffdServerPreference\ufffd\ufffd\ufffd\n * A number of TLS options are how deprecated and will be removed in a\n future release: \ufffd\ufffd\ufffd ssl.honor-cipher-order \ufffd\ufffd\ufffd ssl.dh-file \ufffd\ufffd\ufffd\n ssl.ec-curve \ufffd\ufffd\ufffd ssl.disable-client-renegotiation \ufffd\ufffd\ufffd ssl.use-sslv2 \ufffd\ufffd\ufffd\n ssl.use-sslv3 The replacement option is ssl.openssl.ssl-conf-cmd, but\n lighttpd defaults should be prefered\n * A number of modules are now deprecated and will be removed in a future\n release: mod_evasive, mod_secdownload, mod_uploadprogress, mod_usertrack\n can be replaced by mod_magnet and a few lines of lua.\n\n update to 1.4.65:\n\n * WebSockets over HTTP/2\n * RFC 8441 Bootstrapping WebSockets with HTTP/2\n * HTTP/2 PRIORITY_UPDATE\n * RFC 9218 Extensible Prioritization Scheme for HTTP\n * prefix/suffix conditions in lighttpd.conf\n * mod_webdav safe partial-PUT\n * webdav.opts += (\ufffd\ufffd\ufffdpartial-put-copy-modify\ufffd\ufffd\ufffd => \ufffd\ufffd\ufffdenable\ufffd\ufffd\ufffd)\n * mod_accesslog option: accesslog.escaping = \ufffd\ufffd\ufffdjson\ufffd\ufffd\ufffd\n * mod_deflate libdeflate build option\n * speed up request body uploads via HTTP/2\n * Behavior Changes\n * change default server.max-keep-alive-requests = 1000 to adjust\n * to increasing HTTP/2 usage and to web2/web3 application usage\n * (prior default was 100)\n * mod_status HTML now includes HTTP/2 control stream id 0 in the output\n * which contains aggregate counts for the HTTP/2 connection\n * (These lines can be identified with URL \ufffd\ufffd\ufffd*\ufffd\ufffd\ufffd, part of \ufffd\ufffd\ufffdPRI *\ufffd\ufffd\ufffd\n preface)\n * alternative: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_status\n * MIME type application/javascript is translated to text/javascript (RFC\n 9239)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10132=1\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10132=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-29T00:00:00", "type": "suse", "title": "Security update for lighttpd (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-37797"], "modified": "2022-09-29T00:00:00", "id": "OPENSUSE-SU-2022:10132-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ATUOJQDWIRALBMVI5GOSOGPZP5AWVAZF/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-06T17:57:42", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for lighttpd fixes the following issues:\n\n lighttpd was updated to 1.4.67:\n\n * Update comment about TCP_INFO on OpenBSD\n * [mod_ajp13] fix crash with bad response headers (fixes #3170)\n * [core] handle RDHUP when collecting chunked body CVE-2022-41556\n (boo#1203872)\n * [core] tweak streaming request body to backends\n * [core] handle ENOSPC with pwritev() (#3171)\n * [core] manually calculate off_t max (fixes #3171)\n * [autoconf] force large file support (#3171)\n * [multiple] quiet coverity warnings using casts\n * [meson] add license keyword to project declaration\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10140=1\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10140=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-03T00:00:00", "type": "suse", "title": "Security update for lighttpd (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-41556"], "modified": "2022-10-03T00:00:00", "id": "OPENSUSE-SU-2022:10140-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T6C6UOQL3XPIYN6MAYXR6H6PCUA7Q4N4/", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-06-03T14:54:58", "description": "In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-12T15:15:00", "type": "cve", "title": "CVE-2022-37797", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797"], "modified": "2022-12-03T01:11:00", "cpe": ["cpe:/a:lighttpd:lighttpd:1.4.65", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-37797", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37797", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:lighttpd:lighttpd:1.4.65:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:03:54", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T18:17:00", "type": "cve", "title": "CVE-2022-41556", "cwe": ["CWE-401"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-03T01:14:00", "cpe": ["cpe:/o:fedoraproject:fedora:35"], "id": "CVE-2022-41556", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"]}], "amazon": [{"lastseen": "2023-06-03T14:58:02", "description": "**Issue Overview:**\n\nIn lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\n \n**Affected Packages:** \n\n\nlighttpd\n\n \n**Issue Correction:** \nRun _yum update lighttpd_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 lighttpd-mod_authn_gssapi-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-debuginfo-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-fastcgi-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-mod_mysql_vhost-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-mod_authn_mysql-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-mod_geoip-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-mod_authn_pam-1.4.53-1.37.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 lighttpd-1.4.53-1.37.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 lighttpd-fastcgi-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-mod_authn_mysql-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-mod_geoip-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-mod_authn_gssapi-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-mod_authn_pam-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-mod_mysql_vhost-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-debuginfo-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-1.4.53-1.37.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2022-37797](<https://access.redhat.com/security/cve/CVE-2022-37797>)\n\nMitre: [CVE-2022-37797](<https://vulners.com/cve/CVE-2022-37797>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-17T15:53:00", "type": "amazon", "title": "Important: lighttpd", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797"], "modified": "2023-03-22T18:51:00", "id": "ALAS-2023-1705", "href": "https://alas.aws.amazon.com/ALAS-2023-1705.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-06-03T18:12:14", "description": "In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-12T15:15:00", "type": "debiancve", "title": "CVE-2022-37797", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797"], "modified": "2022-09-12T15:15:00", "id": "DEBIANCVE:CVE-2022-37797", "href": "https://security-tracker.debian.org/tracker/CVE-2022-37797", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T18:12:14", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T18:17:00", "type": "debiancve", "title": "CVE-2022-41556", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-10-06T18:17:00", "id": "DEBIANCVE:CVE-2022-41556", "href": "https://security-tracker.debian.org/tracker/CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redos": [{"lastseen": "2023-05-31T10:10:43", "description": "Vulnerability in lighttpd web server is related to null pointer dereferencing error in mod_wstunnel\r\n module when processing invalid HTTP requests. Exploitation of the vulnerability could allow an intruder,\r\n An exploitation of the vulnerability can allow an attacker acting remotely to send specially crafted HTTP requests to the vulnerable web server and perform a\r\n Denial of Service (DoS) attack", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-10T00:00:00", "type": "redos", "title": "ROS-20221004-02", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797"], "modified": "2022-04-10T00:00:00", "id": "ROS-20221004-02", "href": "https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-lighttpd-cve-2022-37797/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-31T10:10:31", "description": "Vulnerability of web server lighttpd is related to memory leak in modules mod_fastcgi and mod_scgi when processing\r\n large number of invalid HTTP requests. Exploitation of the vulnerability could allow an intruder,\r\n Send multiple invalid HTTP requests to a web server and execute a\r\n \"denial of service attack", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-10T00:00:00", "type": "redos", "title": "ROS-20221007-02", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-07-10T00:00:00", "id": "ROS-20221007-02", "href": "https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-lighttpd-cve-2022-41556/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2023-06-03T20:08:23", "description": "lighttpd is vulnerable to denial of service. The vulnerability exists due to a lack of initialization when an invalide HTTP request (websocket handshake) leading to a null pointer dereference allowing an attacker to crash the system. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-17T17:55:59", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797"], "modified": "2022-12-03T06:32:03", "id": "VERACODE:37103", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37103/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T19:53:30", "description": "lighttpd is vulnerable to denial of service. The vulnerability exists in `gw_backend.c` where there is a resource leak which will lead to a connection slot exhaustion after a large amount of anomalous TCP behavior causing an application crash. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-11T13:39:08", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-06T01:17:04", "id": "VERACODE:37510", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37510/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-04T13:17:40", "description": "In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function\npointer if an invalid HTTP request (websocket handshake) is received. It\nleads to null pointer dereference which crashes the server. It could be\nused by an external attacker to cause denial of service condition.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-12T00:00:00", "type": "ubuntucve", "title": "CVE-2022-37797", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797"], "modified": "2022-09-12T00:00:00", "id": "UB:CVE-2022-37797", "href": "https://ubuntu.com/security/CVE-2022-37797", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-04T13:16:53", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could\nlead to a denial of service (connection-slot exhaustion) after a large\namount of anomalous TCP behavior by clients. It is related to RDHUP\nmishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is,\nfor example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T00:00:00", "type": "ubuntucve", "title": "CVE-2022-41556", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-10-06T00:00:00", "id": "UB:CVE-2022-41556", "href": "https://ubuntu.com/security/CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2023-06-03T15:07:32", "description": "lighttpd (pronounced /lighty/) is a secure, fast, compliant, and very flexi ble web server that has been optimized for high-performance environments. light tpd uses memory and CPU efficiently and has lower resource use than other popul ar web servers. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compressi on, URL-Rewriting and much more) make lighttpd the perfect web server for all systems, small and large. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-05T13:50:55", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: lighttpd-1.4.67-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-10-05T13:50:55", "id": "FEDORA:0076E306E5CF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OVOSBSCMLGCHH2Z74H64ZWVDFJFQTBC2/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "alpinelinux": [{"lastseen": "2023-06-03T19:03:17", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T18:17:00", "type": "alpinelinux", "title": "CVE-2022-41556", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-03T01:14:00", "id": "ALPINE:CVE-2022-41556", "href": "https://security.alpinelinux.org/vuln/CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2023-06-05T14:53:42", "description": "## Releases\n\n * Ubuntu 22.10 \n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * lighttpd \\- fast webserver with minimal memory footprint\n\nIt was discovered that lighttpd incorrectly handled certain inputs, which could \nresult in a stack buffer overflow. A remote attacker could possibly use this \nissue to cause a denial of service (DoS). (CVE-2022-22707, CVE-2022-41556)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-28T00:00:00", "type": "ubuntu", "title": "lighttpd vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707", "CVE-2022-41556"], "modified": "2023-02-28T00:00:00", "id": "USN-5903-1", "href": "https://ubuntu.com/security/notices/USN-5903-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}

Debian DSA-5243-1 : lighttpd - security update

Description

Related