DATABASE RESOURCES PRICING ABOUT US

{"id": "UBUNTU_USN-5903-1.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : lighttpd vulnerabilities (USN-5903-1)", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5903-1 advisory.\n\n - In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. (CVE-2022-22707)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2023-03-01T00:00:00", "modified": "2023-09-01T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/172024", "reporter": "Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22707", "https://ubuntu.com/security/notices/USN-5903-1"], "cvelist": ["CVE-2022-22707", "CVE-2022-41556"], "immutableFields": [], "lastseen": "2023-09-02T20:18:35", "viewCount": 38, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2022-22707", "ALPINE:CVE-2022-41556"]}, {"type": "cnvd", "idList": ["CNVD-2022-70073"]}, {"type": "cve", "idList": ["CVE-2022-22707", "CVE-2022-41556"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5040-1:58775", "DEBIAN:DSA-5243-1:A6710"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-22707", "DEBIANCVE:CVE-2022-41556"]}, {"type": "fedora", "idList": ["FEDORA:0076E306E5CF"]}, {"type": "gentoo", "idList": ["GLSA-202210-12"]}, {"type": "mageia", "idList": ["MGASA-2022-0161", "MGASA-2022-0369"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-5040.NASL", "DEBIAN_DSA-5243.NASL", "FEDORA_2022-C26B19568D.NASL", "GENTOO_GLSA-202210-12.NASL", "OPENSUSE-2022-0024-1.NASL", "SOLARIS_JAN2023_SRU11_4_53_132_2.NASL"]}, {"type": "osv", "idList": ["OSV:CVE-2022-22707", "OSV:CVE-2022-41556", "OSV:DSA-5040-1", "OSV:DSA-5243-1"]}, {"type": "prion", "idList": ["PRION:CVE-2022-22707", "PRION:CVE-2022-41556"]}, {"type": "redos", "idList": ["ROS-20221007-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0024-1", "OPENSUSE-SU-2022:10140-1"]}, {"type": "ubuntu", "idList": ["USN-5903-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-22707", "UB:CVE-2022-41556"]}, {"type": "veracode", "idList": ["VERACODE:33703", "VERACODE:37510"]}]}, "score": {"value": 7.3, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-22707", "epss": 0.01463, "percentile": 0.84721, "modified": "2023-05-02"}, {"cve": "CVE-2022-41556", "epss": 0.00165, "percentile": 0.5174, "modified": "2023-05-02"}], "vulnersScore": 7.3}, "_state": {"dependencies": 1693686063, "score": 1693686092, "epss": 0}, "_internal": {"score_hash": "12219fa9bd6ae871034ac246b491906a"}, "pluginID": "172024", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5903-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172024);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/01\");\n\n script_cve_id(\"CVE-2022-22707\", \"CVE-2022-41556\");\n script_xref(name:\"USN\", value:\"5903-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : lighttpd vulnerabilities (USN-5903-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5903-1 advisory.\n\n - In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has\n a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service\n (daemon crash) in a non-default configuration. The non-default configuration requires handling of the\n Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected\n than a 64-bit system. (CVE-2022-22707)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5903-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22707\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-maxminddb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-mbedtls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-trigger-b4-dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-vhostdb-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-vhostdb-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-wolfssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-mysql\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(20\\.04|22\\.04|22\\.10)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04 / 22.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'lighttpd', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-dev', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-authn-gssapi', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-authn-pam', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-authn-sasl', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-cml', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-geoip', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-magnet', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-maxminddb', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-trigger-b4-dl', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-vhostdb-dbi', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-vhostdb-pgsql', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-webdav', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-modules-ldap', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-modules-mysql', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '22.04', 'pkgname': 'lighttpd', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-authn-gssapi', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-authn-pam', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-authn-sasl', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-deflate', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-geoip', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-maxminddb', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-mbedtls', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-nss', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-openssl', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-trigger-b4-dl', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-vhostdb-pgsql', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-webdav', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-wolfssl', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-modules-dbi', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-modules-ldap', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-modules-lua', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-modules-mysql', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-authn-gssapi', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-authn-pam', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-authn-sasl', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-deflate', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-gnutls', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-maxminddb', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-mbedtls', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-nss', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-openssl', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-vhostdb-pgsql', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-webdav', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-wolfssl', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-modules-dbi', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-modules-ldap', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-modules-lua', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-modules-mysql', 'pkgver': '1.4.65-2ubuntu1.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd / lighttpd-dev / lighttpd-mod-authn-gssapi / etc');\n}\n", "naslFamily": "Ubuntu Local Security Checks", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.10", "p-cpe:/a:canonical:ubuntu_linux:lighttpd", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-dev", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-gssapi", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-pam", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-sasl", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-cml", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-deflate", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-geoip", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-gnutls", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-magnet", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-maxminddb", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-mbedtls", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-nss", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-openssl", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-trigger-b4-dl", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-vhostdb-dbi", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-vhostdb-pgsql", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-webdav", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-wolfssl", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-dbi", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-ldap", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-lua", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-mysql"], "solution": "Update the affected packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2022-22707", "vendor_cvss2": {"score": 4.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "vendor_cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "vpr": {"risk factor": "Medium", "score": "4.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2023-02-28T00:00:00", "vulnerabilityPublicationDate": "2022-01-06T00:00:00", "exploitableWith": []}

{"ubuntu": [{"lastseen": "2023-07-21T16:47:01", "description": "## Releases\n\n * Ubuntu 22.10 \n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * lighttpd \\- fast webserver with minimal memory footprint\n\nIt was discovered that lighttpd incorrectly handled certain inputs, which could \nresult in a stack buffer overflow. A remote attacker could possibly use this \nissue to cause a denial of service (DoS). (CVE-2022-22707, CVE-2022-41556)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-28T00:00:00", "type": "ubuntu", "title": "lighttpd vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707", "CVE-2022-41556"], "modified": "2023-02-28T00:00:00", "id": "USN-5903-1", "href": "https://ubuntu.com/security/notices/USN-5903-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:20:35", "description": "\nAn out-of-bounds memory access was discovered in the mod\\_extforward plugin of\nthe lighttpd web server, which may result in denial of service.\n\n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 1.4.53-4+deb10u2.\n\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 1.4.59-1+deb11u1.\n\n\nWe recommend that you upgrade your lighttpd packages.\n\n\nFor the detailed security status of lighttpd please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/lighttpd](https://security-tracker.debian.org/tracker/lighttpd)\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2022-01-11T00:00:00", "type": "osv", "title": "lighttpd - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707"], "modified": "2022-08-10T07:20:32", "id": "OSV:DSA-5040-1", "href": "https://osv.dev/vulnerability/DSA-5040-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-27T05:16:44", "description": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.", "cvss3": {}, "published": "2022-01-06T06:15:00", "type": "osv", "title": "CVE-2022-22707", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-22707"], "modified": "2023-06-27T02:28:20", "id": "OSV:CVE-2022-22707", "href": "https://osv.dev/vulnerability/CVE-2022-22707", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-03T07:20:14", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {}, "published": "2022-10-06T18:17:00", "type": "osv", "title": "CVE-2022-41556", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-03T07:20:12", "id": "OSV:CVE-2022-41556", "href": "https://osv.dev/vulnerability/CVE-2022-41556", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T06:51:14", "description": "\nSeveral vulnerabilities were discovered in lighttpd, a fast webserver\nwith minimal memory footprint.\n\n\n* [CVE-2022-37797](https://security-tracker.debian.org/tracker/CVE-2022-37797)\nAn invalid HTTP request (websocket handshake) may cause a NULL\n pointer dereference in the wstunnel module.\n* [CVE-2022-41556](https://security-tracker.debian.org/tracker/CVE-2022-41556)\nA resource leak in mod\\_fastcgi and mod\\_scgi could lead to a denial\n of service after a large number of bad HTTP requests.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.4.59-1+deb11u2.\n\n\nWe recommend that you upgrade your lighttpd packages.\n\n\nFor the detailed security status of lighttpd please refer to its\nsecurity tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/lighttpd](https://security-tracker.debian.org/tracker/lighttpd)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-28T00:00:00", "type": "osv", "title": "lighttpd - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2023-06-28T06:50:30", "id": "OSV:DSA-5243-1", "href": "https://osv.dev/vulnerability/DSA-5243-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-06-14T14:26:03", "description": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-06T06:15:00", "type": "cve", "title": "CVE-2022-22707", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707"], "modified": "2022-01-13T20:52:00", "cpe": ["cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/a:lighttpd:lighttpd:1.4.63"], "id": "CVE-2022-22707", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22707", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:lighttpd:lighttpd:1.4.63:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T15:03:54", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T18:17:00", "type": "cve", "title": "CVE-2022-41556", "cwe": ["CWE-401"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-03T01:14:00", "cpe": ["cpe:/o:fedoraproject:fedora:35"], "id": "CVE-2022-41556", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"]}], "mageia": [{"lastseen": "2023-06-14T15:23:39", "description": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. (CVE-2022-22707) \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-06T20:16:39", "type": "mageia", "title": "Updated lighttpd packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707"], "modified": "2022-05-06T20:16:38", "id": "MGASA-2022-0161", "href": "https://advisories.mageia.org/MGASA-2022-0161.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T15:12:48", "description": "In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797) A resource leak in mod_fastcgi and mod_scgi could lead to a denial of service after a large number of bad HTTP requests. (CVE-2022-41556) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-13T20:05:19", "type": "mageia", "title": "Updated lighttpd packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-10-13T20:05:19", "id": "MGASA-2022-0369", "href": "https://advisories.mageia.org/MGASA-2022-0369.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-06-29T13:25:41", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could\nlead to a denial of service (connection-slot exhaustion) after a large\namount of anomalous TCP behavior by clients. It is related to RDHUP\nmishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is,\nfor example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T00:00:00", "type": "ubuntucve", "title": "CVE-2022-41556", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-10-06T00:00:00", "id": "UB:CVE-2022-41556", "href": "https://ubuntu.com/security/CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-29T13:42:30", "description": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of\nthe mod_extforward plugin has a stack-based buffer overflow (4 bytes\nrepresenting -1), as demonstrated by remote denial of service (daemon\ncrash) in a non-default configuration. The non-default configuration\nrequires handling of the Forwarded header in a somewhat unusual manner.\nAlso, a 32-bit system is much more likely to be affected than a 64-bit\nsystem.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[ebarretto](<https://launchpad.net/~ebarretto>) | According to upstream the impact is limited to 32-bit lighttpd and to specific lighttpd mod_extforward configurations expected to be rare.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-06T00:00:00", "type": "ubuntucve", "title": "CVE-2022-22707", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707"], "modified": "2022-01-06T00:00:00", "id": "UB:CVE-2022-22707", "href": "https://ubuntu.com/security/CVE-2022-22707", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-06-03T18:12:14", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T18:17:00", "type": "debiancve", "title": "CVE-2022-41556", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-10-06T18:17:00", "id": "DEBIANCVE:CVE-2022-41556", "href": "https://security-tracker.debian.org/tracker/CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-14T14:38:03", "description": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-06T06:15:00", "type": "debiancve", "title": "CVE-2022-22707", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707"], "modified": "2022-01-06T06:15:00", "id": "DEBIANCVE:CVE-2022-22707", "href": "https://security-tracker.debian.org/tracker/CVE-2022-22707", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2022-11-06T12:08:42", "description": "An update that solves one vulnerability and has two fixes\n is now available.\n\nDescription:\n\n This update for lighttpd fixes the following issues:\n\n lighttpd was updated to 1.4.64:\n\n * CVE-2022-22707: off-by-one stack overflow in the mod_extforward plugin\n (boo#1194376)\n * graceful restart/shutdown timeout changed from 0 (disabled) to 8\n seconds. configure an alternative with: server.feature-flags +=\n (\ufffd\ufffd\ufffdserver.graceful-shutdown-timeout\ufffd\ufffd\ufffd => 8)\n * deprecated modules (previously announced) have been removed:\n mod_authn_mysql, mod_mysql_vhost, mod_cml, mod_flv_streaming, mod_geoip,\n mod_trigger_b4_dl\n\n update to 1.4.63:\n\n * import xxHash v0.8.1\n * fix reqpool mem corruption in 1.4.62\n\n includes changes in 1.4.62:\n\n * [mod_alias] fix use-after-free bug\n * many developer visible bug fixes\n\n update to 1.4.61:\n\n * mod_dirlisting: sort \"../\" to top\n * fix HTTP/2 upload > 64k w/ max-request-size\n * code level and developer visible bug fixes\n\n update to 1.4.60:\n\n * HTTP/2 smoother and lower memory use (in general)\n * HTTP/2 tuning to better handle aggressive client initial requests\n * reduce memory footprint; workaround poor glibc behavior; jemalloc is\n better\n * mod_magnet lua performance improvements\n * mod_dirlisting performance improvements and new caching option\n * memory constraints for extreme edge cases in mod_dirlisting, mod_ssi,\n mod_webdav\n * connect(), write(), read() time limits on backends (separate from client\n timeouts)\n * lighttpd restarts if large discontinuity in time occurs (embedded\n systems)\n * RFC7233 Range support for all non-streaming responses, not\n only static files\n * connect() to backend now has default 8 second timeout (configurable)\n\n - Added hardening to systemd service(s) (boo#1181400).\n\n update to 1.4.59:\n\n * HTTP/2 enabled by default\n * mod_deflate zstd suppport\n * new mod_ajp13\n\n Update to 1.4.58:\n\n * [mod_wolfssl] use wolfSSL TLS version defines\n * [mod_wolfssl] compile with earlier wolfSSL vers\n * [core] prefer IPv6+IPv4 func vs IPv4-specific func\n * [core] reuse large mem chunks (fix mem usage) (fixes #3033)\n * [core] add comment for FastCGI mem use in hctx->rb (#3033)\n * [mod_proxy] fix sending of initial reqbody chunked\n * [multiple] fdevent_waitpid() wrapper\n * [core] sys-time.h - localtime_r,gmtime_r macros\n * [core] http_date.[ch] encapsulate HTTP-date parse\n * [core] specialized strptime() for HTTP date fmts\n * [multiple] employ http_date.h, sys-time.h\n * [core] http_date_timegm() (portable timegm())\n * buffer_append_path_len() to join paths\n * [core] inet_ntop_cache -> sock_addr_cache\n * [multiple] etag.[ch] -> http_etag.[ch]; better imp\n * [core] fix crash after specific err in config file\n * [core] fix bug in FastCGI uploads (#3033)\n * [core] http_response_match_if_range()\n * [mod_webdav] typedef off_t loff_t for FreeBSD\n * [multiple] chunkqueue_write_chunk()\n * [build] add GNUMAKEFLAGS=--no-print-directory\n * [core] fix bug in read retry found by coverity\n * [core] attempt to quiet some coverity warnings\n * [mod_webdav] compile fix for Mac OSX/11\n * [core] handle U+00A0 in config parser\n * [core] fix lighttpd -1 one-shot with pipes\n * [core] quiet start/shutdown trace in one-shot mode\n * [core] allow keep-alives in one-shot mode (#3042)\n * [mod_webdav] define _ATFILE_SOURCE if AT_FDCWD\n * [core] setsockopt IPV6_V6ONLY if server.v4mapped\n * [core] prefer inet_aton() over inet_addr()\n * [core] add missing mod_wolfssl to ssl compat list\n * [mod_openssl] remove ancient preprocessor logic\n * [core] SHA512_Init, SHA512_Update, SHA512_Final\n * [mod_wolfssl] add complex preproc logic for SNI\n * [core] wrap a macro value with parens\n * [core] fix handling chunked response from backend (fixes #3044)\n * [core] always set file.fd = -1 on FILE_CHUNK reset (fixes #3044)\n * [core] skip some trace if backend Upgrade (#3044)\n * [TLS] cert-staple.sh POSIX sh compat (fixes #3043)\n * [core] portability fix if st_mtime not defined\n * [mod_nss] portability fix\n * [core] warn if mod_authn_file needed in conf\n * [core] fix chunked decoding from backend (fixes #3044)\n * [core] reject excess data after chunked encoding (#3046)\n * [core] track chunked encoding state from backend (fixes #3046)\n * [core] li_restricted_strtoint64()\n * [core] track Content-Length from backend (fixes #3046)\n * [core] enhance config parsing debugging (#3047)\n * [core] reorder srv->config_context to match ndx (fixes #3047)\n * [mod_proxy] proxy.header = (\"force-http10\" => ...)\n * [mod_authn_ldap] fix crash (fixes #3048)\n * [mod_authn_ldap, mod_vhostdb_ldap] default cafile\n * [core] fix array_copy_array() sorted[]\n * [multiple] replace fall through comment with attr\n * [core] fix crash printing trace if backend is down\n * [core] fix decoding chunked from backend (fixes #3049)\n * [core] attempt to quiet some coverity warnings\n * [core] perf: request processing\n * [core] http_header_str_contains_token()\n * [mod_flv_streaming] parse query string w/o copying\n * [mod_evhost] use local array to split values\n * [core] remove srv->split_vals\n * [core] add User-Agent to http_header_e enum\n * [core] store struct server * in struct connection\n * [core] use func rc to indicate done reading header\n * [core] replace connection_set_state w/ assignment\n * [core] do not pass srv to http header parsing func\n * [core] cold buffer_string_prepare_append_resize()\n * [core] chunkqueue_compact_mem()\n * [core] connection_chunkqueue_compact()\n * [core] pass con around request, not srv and con\n * [core] reduce use of struct parse_header_state\n * [core] perf: HTTP header parsing using \\n offsets\n * [core] no need to pass srv to connection_set_state\n * [core] perf: connection_read_header_more()\n * [core] perf: connection_read_header_hoff() hot\n * [core] inline connection_read_header()\n * [core] pass ptr to http_request_parse()\n * [core] more 'const' in request.c prototypes\n * [core] handle common case of alnum or - field-name\n * [mod_extforward] simplify code: use light_isxdigit\n * [core] perf: array.c performance enhancements\n * [core] mark some data_* funcs cold\n * [core] http_header.c internal inline funcs\n * [core] remove unused array_reset()\n * [core] prefer uint32_t to size_t in base.h\n * [core] uint32_t for struct buffer sizes\n * [core] remove unused members of struct server\n * [core] short-circuit path to clear request.headers\n * [core] array keys are non-empty in key-value list\n * [core] keep a->data[] sorted; remove a->sorted[]\n * [core] __attribute_returns_nonnull__\n * [core] differentiate array_get_* for ro and rw\n * [core] (const buffer *) in (struct burl_parts_t)\n * [core] (const buffer *) for con->server_name\n * [core] perf: initialize con->conf using memcpy()\n * [core] run config_setup_connection() fewer times\n * [core] isolate data_config.c, vector.c\n * [core] treat con->conditional_is_valid as bitfield\n * [core] http_header_hkey_get() over const array\n * [core] inline buffer as part of DATA_UNSET key\n * [core] inline buffer key for *_patch_connection()\n * [core] (data_unset *) from array_get_element_klen\n * [core] inline buffer as part of data_string value\n * [core] add const to callers of http_header_*_get()\n * [core] inline array as part of data_array value\n * [core] const char *op in data_config\n * [core] buffer string in data_config\n * [core] streamline config_check_cond()\n * [core] keep a->data[] sorted (REVERT)\n * [core] array a->sorted[] as ptrs rather than pos\n * [core] inline header and env arrays into con\n * [mod_accesslog] avoid alloc for parsing cookie val\n * [core] simpler config_check_cond()\n * [mod_redirect,mod_rewrite] store context_ndx\n * [core] const char *name in struct plugin\n * [core] srv->plugin_slots as compact list\n * [core] rearrange server_config, server members\n * [core] macros CONST_LEN_STR and CONST_STR_LEN\n * [core] struct plugin_data_base\n * [core] improve condition caching perf\n * [core] config_plugin_values_init() new interface\n * [mod_access] use config_plugin_values_init()\n * [core] (const buffer *) from strftime_cache_get()\n * [core] mv config_setup_connection to connections.c\n * [core] use (const char *) in config file parsing\n * [mod_staticfile] use config_plugin_values_init()\n * [mod_skeleton] use config_plugin_values_init()\n * [mod_setenv] use config_plugin_values_init()\n * [mod_alias] use config_plugin_values_init()\n * [mod_indexfile] use config_plugin_values_init()\n * [mod_expire] use config_plugin_values_init()\n * [mod_flv_streaming] use config_plugin_values_init()\n * [mod_magnet] use config_plugin_values_init()\n * [mod_usertrack] use config_plugin_values_init()\n * [mod_userdir] split policy from userdir path build\n * [mod_userdir] use config_plugin_values_init()\n * [mod_ssi] use config_plugin_values_init()\n * [mod_uploadprogress] use config_plugin_values_init()\n * [mod_status] use config_plugin_values_init()\n * [mod_cml] use config_plugin_values_init()\n * [mod_secdownload] use config_plugin_values_init()\n * [mod_geoip] use config_plugin_values_init()\n * [mod_evasive] use config_plugin_values_init()\n * [mod_trigger_b4_dl] use config_plugin_values_init()\n * [mod_accesslog] use config_plugin_values_init()\n * [mod_simple_vhost] use config_plugin_values_init()\n * [mod_evhost] use config_plugin_values_init()\n * [mod_vhostdb*] use config_plugin_values_init()\n * [mod_mysql_vhost] use config_plugin_values_init()\n * [mod_maxminddb] use config_plugin_values_init()\n * [mod_auth*] use config_plugin_values_init()\n * [mod_deflate] use config_plugin_values_init()\n * [mod_compress] use config_plugin_values_init()\n * [core] add xsendfile* check if xdocroot is NULL\n * [mod_cgi] use config_plugin_values_init()\n * [mod_dirlisting] use config_plugin_values_init()\n * [mod_extforward] use config_plugin_values_init()\n * [mod_webdav] use config_plugin_values_init()\n * [core] store addtl data in pcre_keyvalue_buffer\n * [mod_redirect] use config_plugin_values_init()\n * [mod_rewrite] use config_plugin_values_init()\n * [mod_rrdtool] use config_plugin_values_init()\n * [multiple] gw_backends config_plugin_values_init()\n * [core] config_get_config_cond_info()\n * [mod_openssl] use config_plugin_values_init()\n * [core] use config_plugin_values_init()\n * [core] collect more config logic into configfile.c\n * [core] config_plugin_values_init_block()\n * [core] gw_backend config_plugin_values_init_block\n * [core] remove old config_insert_values_*() funcs\n * [multiple] plugin.c handles common FREE_FUNC code\n * [core] run all trigger and sighup handlers\n * [mod_wstunnel] change DEBUG_LOG to use log_error()\n * [core] stat_cache_path_contains_symlink use errh\n * [core] isolate use of data_config, configfile.h\n * [core] split cond cache from cond matches\n * [mod_auth] inline arrays in http_auth_require_t\n * [core] array_init() arg for initial size\n * [core] gw_exts_clear_check_local()\n * [core] gw_backend less pointer chasing\n * [core] connection_handle_errdoc() separate func\n * [multiple] prefer (connection *) to (srv *)\n * [core] create http chunk header on the stack\n * [multiple] connection hooks no longer get (srv *)\n * [multiple] plugin_stats array\n * [core] read up-to fixed size chunk before fionread\n * [core] default chunk size 8k (was 4k)\n * [core] pass con around gw_backend instead of srv\n * [core] log_error_multiline_buffer()\n * [multiple] reduce direct use of srv->cur_ts\n * [multiple] extern log_epoch_secs\n * [multiple] reduce direct use of srv->errh\n * [multiple] stat_cache singleton\n * [mod_expire] parse config into structured data\n * [multiple] generic config array type checking\n * [multiple] rename r to rc rv rd wr to be different\n * [core] (minor) config_plugin_keys_t data packing\n * [core] inline buffer in log_error_st errh\n * [multiple] store srv->tmp_buf in tb var\n * [multiple] quiet clang compiler warnings\n * [core] http_status_set_error_close()\n * [core] http_request_host_policy w/ http_parseopts\n * [multiple] con->proto_default_port\n * [core] store log filename in (log_error_st *)\n * [core] separate log_error_open* funcs\n * [core] fdevent uses uint32_t instead of size_t\n * [mod_webdav] large buffer reuse\n * [mod_accesslog] flush file log buffer at 8k size\n * [core] include settings.h where used\n * [core] static buffers for mtime_cache\n * [core] convenience macros to check req methods\n * [core] support multiple error logs\n * [multiple] omit passing srv to fdevent_handler\n * [core] remove unused arg to fdevent_fcntl_set_nb*\n * [core] slightly simpify server_(over)load_check()\n * [core] isolate fdevent subsystem\n * [core] isolate stat_cache subsystem\n * [core] remove include base.h where unused\n * [core] restart dead piped loggers every 64 sec\n * [mod_webdav] use copy_file_range() if available\n * [core] perf: buffer copy and append\n * [core] copy some srv->srvconf into con->conf\n * [core] move keep_alive flag into request_st\n * [core] pass scheme port to http_request_parse()\n * [core] pass http_parseopts around request.c\n * [core] rename specific_config to request_config\n * [core] move request_st,request_config to request.h\n * [core] pass (request_st *) to request.c funcs\n * [core] remove unused request_st member 'request'\n * [core] rename content_length to reqbody_length\n * [core] t/test_request.c using (request_st *)\n * [core] (const connection *) in http_header_*_get()\n * [mod_accesslog] log_access_record() fmt log record\n * [core] move request start ts into (request_st *)\n * [core] move addtl request-specific struct members\n * [core] move addtl request-specific struct members\n * [core] move plugin_ctx into (request_st *)\n * [core] move addtl request-specific struct members\n * [core] move request state into (request_st *)\n * [core] store (plugin *) in p->data\n * [core] store subrequest_handler instead of mode\n * [multiple] copy small struct instead of memcpy()\n * [multiple] split con, request (very large change)\n * [core] r->uri.path always set, though might be \"\"\n * [core] C99 restrict on some base funcs\n * [core] dispatch handler in handle_request func\n * [core] http_request_parse_target()\n * [mod_magnet] modify r->target with \"uri.path-raw\"\n * [core] remove r->uri.path_raw; generate as needed\n * [core] http_response_comeback()\n * [core] http_response_config()\n * [tests] use buffer_eq_slen() for str comparison\n * [core] http_status_append() short-circuit 200 OK\n * [core] mark some chunk.c funcs as pure\n * [core] use uint32_t in http_header.[ch]\n * [core] perf: tighten some code in some hot paths\n * [core] parse header label before end of line\n * [mod_auth] \"nonce_secret\" option to validate nonce (fixes #2976)\n * [build] fix build on MacOS X Tiger\n * [doc] lighttpd.conf: lighttpd choose event-handler\n * [config] blank server.tag if whitespace-only\n * [mod_proxy] stream request using HTTP/1.1 chunked (fixes #3006)\n * [multiple] correct misspellings in comments\n * [multiple] fix some cc warnings in 32-bit, powerpc\n * [tests] fix skip count in mod-fastcgi w/o php-cgi\n * [multiple] ./configure --with-nettle to use Nettle\n * [core] skip excess close() when FD_CLOEXEC defined\n * [mod_cgi] remove redundant calls to set FD_CLOEXEC\n * [core] return EINVAL if stat_cache_get_entry w/o /\n * [mod_webdav] define PATH_MAX if not defined\n * [mod_accesslog] process backslash-escapes in fmt\n * [mod_openssl] disable cert vrfy if ALPN acme-tls/1\n * [core] add seed before openssl RAND_pseudo_bytes()\n * [mod_mbedtls] mbedTLS option for TLS\n * [core] prefer getxattr() instead of get_attr()\n * [multiple] use *(unsigned char *) with ctypes\n * [mod_openssl] do not log ECONNRESET unless debug\n * [mod_openssl] SSL_R_UNEXPECTED_EOF_WHILE_READING\n * [mod_gnutls] GnuTLS option for TLS (fixes #109)\n * [mod_openssl] rotate session ticket encryption key\n * [mod_openssl] set cert from callback in 1.0.2+ (fixes #2842)\n * [mod_openssl] set chains from callback in 1.0.2+ (#2842)\n * [core] RFC-strict parse of Content-Length\n * [build] point ./configure --help to support forum\n * [core] stricter parse of numerical digits\n * [multiple] add summaries to top of some modules\n * [core] sys-crypto-md.h w/ inline message digest fn\n * [mod_openssl] enable read-ahead, if set, after SNI\n * [mod_openssl] issue warning for deprecated options\n * [mod_openssl] use SSL_OP_NO_RENEGOTIATION if avail\n * [mod_openssl] use openssl feature define for ALPN\n * [mod_openssl] update default DH params\n * [core] SecureZeroMemory() on _WIN32\n * [core] safe memset calls memset() through volatile\n * [doc] update comments in doc/config/modules.conf\n * [core] more precise check for request stream flags\n * [mod_openssl] rotate session ticket encryption key\n * [mod_openssl] ssl.stek-file to specify encrypt key\n * [mod_mbedtls] ssl.stek-file to specify encrypt key\n * [mod_gnutls] ssl.stek-file to specify encrypt key\n * [mod_openssl] disable session cache; prefer ticket\n * [mod_openssl] compat with LibreSSL\n * [mod_openssl] compat with WolfSSL\n * [mod_openssl] set SSL_OP_PRIORITIZE_CHACHA\n * [mod_openssl] move SSL_CTX curve conf to new func\n * [mod_openssl] basic SSL_CONF_cmd for alt TLS libs\n * [mod_openssl] OCSP stapling (fixes #2469)\n * [TLS] cert-staple.sh - refresh OCSP responses (#2469)\n * [mod_openssl] compat with BoringSSL\n * [mod_gnutls] option to override GnuTLS priority\n * [mod_gnutls] OCSP stapling (#2469)\n * [mod_extforward] config warning for module order\n * [mod_webdav] store webdav.opts as bitflags\n * [mod_webdav] limit webdav_propfind_dir() recursion\n * [mod_webdav] unsafe-propfind-follow-symlink option\n * [mod_webdav] webdav.opts \"propfind-depth-infinity\"\n * [mod_openssl] detect certs marked OCSP Must-Staple\n * [mod_gnutls] detect certs marked OCSP Must-Staple\n * [mod_openssl] default to set MinProtocol TLSv1.2\n * [mod_nss] NSS option for TLS (fixes #1218)\n * [core] fdevent_load_file() shared code\n * [mod_openssl,mbedtls,gnutls,nss] fdevent_load_file\n * [core] error if s->socket_perms chmod() fails\n * [mod_openssl] prefer some WolfSSL native APIs\n * quiet clang analyzer scan-build warnings\n * [core] uint32_t is plenty large for path names\n * [mod_mysql_vhost] deprecated; use mod_vhostdb_mysql\n * [core] splaytree_djbhash() in splaytree.h (reuse)\n * [cmake] update deps for src/t/test_*\n * [cmake] update deps for src/t/test_*\n * [build] remove tests/mod-userdir.t from builds\n * [build] fix typo in src/Makefile.am EXTRA_DIST\n * [core] remove unused mbedtls_enabled flag\n * [core] store fd in srv->stdin_fd during setup\n * [multiple] address coverity warnings\n * [mod_webdav] fix theoretical NULL dereference\n * [mod_webdav] update rc for PROPFIND allprop\n * [mod_webdav] build fix: ifdef live_properties\n * [multiple] address coverity warnings\n * [meson] fix libmariadb dependency\n * [meson] add missing libmaxminddb section\n * [mod_auth,mod_vhostdb] add caching option (fixes #2805)\n * [mod_authn_ldap,mod_vhostdb_ldap] add timeout opt (#2805)\n * [mod_auth] accept \"nonce-secret\" & \"nonce_secret\"\n * [mod_openssl] fix build warnings on MacOS X\n * [core] Nettle assert()s if buffer len > digest sz\n * [mod_authn_dbi] authn backend employing DBI\n * [mod_authn_mysql,file] use crypt() to save stack\n * [mod_vhostdb_dbi] allow strings and ints in config\n * add ci-build.sh\n * move ci-build.sh to scripts\n * [build] build fixes for AIX\n * [mod_deflate] Brotli support\n * [build] bzip2 default to not-enabled in build\n * [mod_deflate] fix typo in config option\n * [mod_deflate] propagate errs from internal funcs\n * [mod_deflate] deflate.cache-dir compressed cache\n * [mod_deflate] mod_deflate subsumes mod_compress\n * [doc] mod_compress -> mod_deflate\n * [tests] mod_compress -> mod_deflate\n * [mod_compress] remove mod_compress\n * [build] add --with-brotli to CI build\n * [core] server.feature-flags extensible config\n * [core] con layer plugin_ctx separate from request\n * [multiple] con hooks store ctx in con->plugin_ctx\n * [core] separate funcs to reset (request_st *)\n * [multiple] rename connection_reset hook to request\n * [mod_nss] func renames for consistency\n * [core] detect and reject TLS connect to cleartext\n * [mod_deflate] quicker check for Content-Encoding\n * [mod_openssl] read secret data w/ BIO_new_mem_buf\n * [core] decode Transfer-Encoding: chunked from gw\n * [mod_fastcgi] decode Transfer-Encoding: chunked\n * [core] stricter parsing of POST chunked block hdr\n * [mod_proxy] send HTTP/1.1 requests to backends\n * [tests] test_base64.c clear buf vs reset\n * [core] http_header_remove_token()\n * [mod_webdav] fix inadvertent string truncation\n * [core] add some missing standard includes\n * [mod_extforward] attempt to quiet Coverity warning\n * [mod_authn_dbi,mod_authn_mysql] fix coverity issue\n * scons: fix check environment\n * Add avahi service file under doc/avahi/\n * [mod_webdav] fix fallback if linkat() fails\n * [mod_proxy] do not forward Expect: 100-continue\n * [core] chunkqueue_compact_mem() must upd cq->last\n * [core] dlsym for FAMNoExists() for compat w/ fam\n * [core] disperse settings.h to appropriate headers\n * [core] inline buffer_reset()\n * [mod_extforward] save proto per connection\n * [mod_extforward] skip after HANDLER_COMEBACK\n * [core] server.feature-flags to enable h2\n * [core] HTTP_VERSION_2\n * [multiple] allow TLS ALPN \"h2\" if \"server.h2proto\"\n * [mod_extforward] preserve changed addr for h2 con\n * [core] do not send Connection: close if h2\n * [core] lowercase response hdr field names for h2\n * [core] recognize status: 421 Misdirected Request\n * [core] parse h2 pseudo-headers\n * [core] request_headers_process()\n * [core] connection_state_machine_loop()\n * [core] reset connection counters per connection\n * [mod_accesslog,mod_rrdtool] HTTP/2 basic accounting\n * [core] connection_set_fdevent_interest()\n * [core] HTTP2-Settings\n * [core] adjust http_request_headers_process()\n * [core] http_header_parse_hoff()\n * [core] move http_request_headers_process()\n * [core] reqpool.[ch] for (request_st *)\n * [multiple] modules read reqbody via fn ptr\n * [multiple] isolate more con code in connections.c\n * [core] isolate more resp code in response.c\n * [core] h2.[ch] with stub funcs (incomplete)\n * [core] alternate between two joblists\n * [core] connection transition to HTTP/2; incomplete\n * [core] mark some error paths with attribute cold\n * [core] discard 100 102 103 responses from backend\n * [core] skip write throttle for 100 Continue\n * [core] adjust (disabled) debug code\n * [core] update comment\n * [core] link in ls-hpack (EXPERIMENTAL)\n * [core] HTTP/2 HPACK using LiteSpeed ls-hpack\n * [core] h2_send_headers() specialized for resp hdrs\n * [core] http_request_parse_header() specialized\n * [core] comment possible future ls-hpack optimize\n * [mod_status] separate funcs to print request table\n * [mod_status] adjust to print HTTP/2 requests\n * [core] redirect to dir using relative-path\n * [core] ignore empty field-name from backends\n * [mod_auth] fix crash if auth.require misconfigured (fixes #3023)\n * [core] fix 1-char trunc of default server.tag\n * [core] request_acquire(), request_release()\n * [core] keep pool of (request_st *) for HTTP/2\n * [mod_status] dedicated funcs for r->state labels\n * [core] move connections_get_state to connections.c\n * [core] fix crash on master after graceful restart\n * [core] defer optimization to read small files\n * [core] do not require '\\0' term for k,v hdr parse\n * [scripts] cert-staple.sh enhancements\n * [core] document algorithm used in lighttpd etag\n * [core] ls-hpack optimizations\n * [core] fix crash on master if blank line request\n * [core] use djbhash in gw_backend to choose host\n * [core] rename md5.[ch] to algo_md5.[ch]\n * [core] move djbhash(), dekhash() to algo_md.h\n * [core] rename splaytree.[ch] to algo_splaytree.[ch]\n * [core] import xxHash v0.8.0\n * [build] modify build, includes for xxHash v0.8.0\n * [build] remove ls-hpack/deps\n * [core] xxhash no inline hints; let compiler choose\n * [mod_dirlisting] fix config parsing crash\n * [mod_openssl] clarify trace w/ deprecated options\n * [doc] refresh doc/config/*/*\n * [core] code size: disable XXH64(), XXH3()\n * [doc] update README and INSTALL\n * [core] combine Cookie request headers with ';'\n * [core] log stream id with debug.log-state-handling\n * [core] set r->state in h2.c\n * [mod_ssi] update chunk after shell output redirect\n * [mod_webdav] preserve bytes_out when chunks merged\n * [multiple] inline chunkqueue_length()\n * [core] cold h2_log_response_header*() funcs\n * [core] update HTTP status codes list from IANA\n * [mod_wolfssl] standalone module\n * [core] Content-Length in http_response_send_file()\n * [core] adjust response header prep for common case\n * [core] light_isupper(), light_islower()\n * [core] tst,set,clr macros for r->{rqst,resp}_htags\n * [core] separate http_header_e from _htags bitmask\n * [core] http_header_hkey_get_lc() for HTTP/2\n * [core] array.[ch] using uint32_t instead of size_t\n * [core] extend (data_string *) to store header id\n * [multiple] extend enum http_header_e list\n * [core] http_header_e <=> lshpack_static_hdr_idx\n * [core] skip ls-hpack decode work unused by lighttpd\n * [TLS] error if inherit empty TLS cfg from globals\n * [core] connection_check_expect_100()\n * [core] support multiple 1xx responses from backend\n * [core] reload c after chunkqueue_compact_mem()\n * [core] relay 1xx from backend over HTTP/2\n * [core] relay 1xx from backend over HTTP/1.1\n * [core] chunkqueue_{peek,read}_data(), squash\n * [multiple] TLS modules use chunkqueue_peek_data()\n * [mod_magnet] magnet.attract-response-start-to\n * [multiple] code reuse chunkqueue_peek_data()\n * [core] reuse r->start_hp.tv_sec for r->start_ts\n * [core] config_plugin_value_tobool() accept \"0\",\"1\"\n * [core] graceful and immediate restart option\n * [mod_ssi] init status var before waitpid()\n * [core] graceful shutdown timeout option\n * [core] lighttpd -1 supports pipes (e.g. netcat)\n * [core] perf adjustments to avoid load miss\n * [multiple] use sock_addr_get_family in more places\n * [multiple] inline chunkqueue where always alloc'd\n * [core] propagate state after writing\n * [core] server_run_con_queue()\n * [core] defer handling FDEVENT_HUP and FDEVENT_ERR\n * [core] handle unexpected EOF reading FILE_CHUNK\n * [core] short-circuit connection_write_throttle()\n * [core] walk queue in connection_write_chunkqueue()\n * [core] connection_joblist global\n * [core] be more precise checking streaming flags\n * [core] fdevent_load_file_bytes()\n * [TLS] use fdevent_load_file_bytes() for STEK file\n * [core] allow symlinks under /dev for rand devices\n * [multiple] use light_btst() for hdr existence chk\n * [mod_deflate] fix potential NULL deref in err case\n * [core] save errno around close() if fstat() fails\n * [mod_ssi] use stat_cache_open_rdonly_fstat()\n * [core] fdevent_dup_cloexec()\n * [core] dup FILE_CHUNK fd when splitting FILE_CHUNK\n * [core] stat_cache_path_isdir()\n * [multiple] use stat_cache_path_isdir()\n * [mod_mbedtls] quiet CLOSE_NOTIFY after conn reset\n * [mod_gnutls] quiet CLOSE_NOTIFY after conn reset\n * [core] limit num ranges in Range requests\n * [core] remove unused r->content_length\n * [core] http_response_parse_range() const file sz\n * [core] pass open fd to http_response_parse_range\n * [core] stat_cache_get_entry_open()\n * [core,mod_deflate] leverage cache of open fd\n * [doc] comment out config disabling Range for .pdf\n * [core] coalesce nearby ranges in Range requests\n * [mod_fastcgi] decode chunked is cold code path\n * [core] fix chunkqueue_compact_mem w/ partial chunk\n * [core] alloc optim reading file, sending chunked\n * [core] reuse chunkqueue_compact_mem*()\n * [mod_cgi] use splice() to send input to CGI\n * [multiple] ignore openssl 3.0.0 deprecation warns\n * [mod_openssl] migrate ticket cb to openssl 3.0.0\n * [mod_openssl] construct OSSL_PARAM on stack\n * [mod_openssl] merge ssl_tlsext_ticket_key_cb impls\n * [multiple] openssl 3.0.0 digest interface migrate\n * [tests] detect multiple SSL/TLS/crypto providers\n * [core] sys-crypto-md.h consistent interfaces\n * [wolfssl] wolfSSL_CTX_set_mode differs from others\n * [multiple] use NSS crypto if no other crypto avail\n * [multiple] stat_cache_path_stat() for struct st\n * [TLS] ignore empty \"CipherString\" in ssl-conf-cmd\n * [multiple] remove chunk file.start member\n * [core] modify use of getrlimit() to not be fatal\n * [mod_webdav] add missing update to cq accounting\n * [mod_webdav] update defaults after worker_init\n * [mod_openssl] use newer openssl 3.0.0 func\n * [core] config_plugin_value_to_int32()\n * [core] minimize pause during graceful restart\n * [mod_deflate] use large mmap chunks to compress\n * [core] stat_cache_entry reference counting\n * [core] FILE_CHUNK can hold stat_cache_entry ref\n * [core] http_chunk_append_file_ref_range()\n * [multiple] use http_chunk_append_file_ref()\n * [core] always lseek() with shared fd\n * [core] silence coverity warnings (false positives)\n * [core] silence coverity warnings in ls-hpack\n * [core] silence coverity warnings (another try)\n * [core] fix fd sharing when splitting file chunk\n * [mod_mbedtls] quiet unused variable warning\n * [core] use inline funcs in sys-crypto-md.h\n * [core] add missing declaration for NSS rand\n * [core] init NSS lib for basic crypto algorithms\n * [doc] change mod_compress refs to mod_deflate\n * [doc] replace bzip2 refs with brotli\n * [build] remove svnversion from versionstamp rule\n * [doc] /var/run -> /run\n * [multiple] test for nss includes\n * [mod_nss] more nss includes fixes\n * [mod_webdav] define _NETBSD_SOURCE on NetBSD\n * [core] silence coverity warnings (another try)\n * [mod_mbedtls] newer mbedTLS vers support TLSv1.3\n * [mod_accesslog] update defaults after cycling log\n * [multiple] add some missing config cleanup\n * [core] fix (startup) mem leaks in configparser.y\n * [core] STAILQ_* -> SIMPLEQ_* on OpenBSD\n * [mod_wolfssl] use more wolfssl/options.h defines\n * [mod_wolfssl] cripple SNI if not built OPENSSL_ALL\n * [mod_wolfssl] need to build --enable-alpn for ALPN\n * [mod_secdownload] fix compile w/ NSS on FreeBSD\n * [mod_mbedtls] wrap addtl code in preproc defines\n * [TLS] server.feature-flags \"ssl.session-cache\"\n * [core] workaround fragile code in wolfssl types.h\n * [core] move misplaced error trace to match option\n * [core] adjust wolfssl workaround for another case\n * [multiple] consistent order for crypto lib select\n * [multiple] include mbedtls/config.h after select\n * [multiple] include wolfssl/options.h after select\n * [core] set NSS_VER_INCLUDE after crypto lib select\n * [core] use system xxhash lib if available\n * [doc] refresh doc/config/conf.d/mime.conf\n * [meson] add matching -I for lua lib version\n * [build] prepend search for lua version 5.4\n * [core] use inotify in stat_cache.[ch] on Linux\n * [build] detect inotify header <sys/inotify.h>\n * [mod_nss] update session ticket NSS devel comment\n * [core] set last_used on rd/wr from backend (fixes #3029)\n * [core] cold func for gw_recv_response error case\n * [core] use kqueue() instead of FAM/gamin on *BSD\n * [core] no graceful-restart-bg on OpenBSD, NetBSD\n * [mod_openssl] add LIBRESSL_VERSION_NUMBER checks\n * [core] use struct kevent on stack in stat_cache\n * [core] stat_cache preprocessor paranoia\n * [mod_openssl] adjust LIBRESSL_VERSION_NUMBER check\n * [mod_maxminddb] fix config validation typo\n * [tests] allow LIGHTTPD_EXE_PATH override\n * [multiple] handle NULL val as empty in *_env_add (fixes #3030)\n * [core] accept \"HTTP/2.0\", \"HTTP/3.0\" from backends (fixes #3031)\n * [build] check for xxhash in more ways\n * [core] accept \"HTTP/2.0\", \"HTTP/3.0\" from backends (#3031)\n * [core] http_response_buffer_append_authority()\n * [core] define SHA*_DIGEST_LENGTH macros if missing\n * [doc] update optional pkg dependencies in INSTALL\n * [mod_alias] validate given order, not sorted order\n * [core] filter out duplicate modules\n * [mod_cgi] fix crash if initial write to CGI fails\n * [mod_cgi] ensure tmp file open() before splice()\n * [multiple] add back-pressure gw data pump (fixes #3033)\n * [core] fix bug when HTTP/2 frames span chunks\n * [multiple] more forgiving config str to boolean (fixes #3036)\n * [core] check for __builtin_expect() availability\n * [core] quiet more request parse errs unless debug\n * [core] consolidate chunk size checks\n * [mod_flv_streaming] use stat_cache_get_entry_open\n * [mod_webdav] pass full path to webdav_unlinkat()\n * [mod_webdav] fallbacks if _ATFILE_SOURCE not avail\n * [mod_fastcgi] move src/fastcgi.h into src/compat/\n * [mod_status] add additional HTML-encoding\n * [core] server.v4mapped option\n * [mod_webdav] workaround for gvfs dir redir bug\n\n - Remove SuSEfirewall2 service files, SuSEfirewall2 does not exist anymore\n\n - Changed /etc/logrotate.d/lighttpd from init.d to systemd fix boo#1146452.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-24=1", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-02T00:00:00", "type": "suse", "title": "Security update for lighttpd (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707"], "modified": "2022-02-02T00:00:00", "id": "OPENSUSE-SU-2022:0024-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6P5G6MJW4Q5RKKPO7TS5CLAAEQ2QUYBE/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-06T17:57:42", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for lighttpd fixes the following issues:\n\n lighttpd was updated to 1.4.67:\n\n * Update comment about TCP_INFO on OpenBSD\n * [mod_ajp13] fix crash with bad response headers (fixes #3170)\n * [core] handle RDHUP when collecting chunked body CVE-2022-41556\n (boo#1203872)\n * [core] tweak streaming request body to backends\n * [core] handle ENOSPC with pwritev() (#3171)\n * [core] manually calculate off_t max (fixes #3171)\n * [autoconf] force large file support (#3171)\n * [multiple] quiet coverity warnings using casts\n * [meson] add license keyword to project declaration\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10140=1\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10140=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-03T00:00:00", "type": "suse", "title": "Security update for lighttpd (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-41556"], "modified": "2022-10-03T00:00:00", "id": "OPENSUSE-SU-2022:10140-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T6C6UOQL3XPIYN6MAYXR6H6PCUA7Q4N4/", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-05-18T14:40:13", "description": "The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5040 advisory.\n\n - In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. (CVE-2022-22707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-12T00:00:00", "type": "nessus", "title": "Debian DSA-5040-1 : lighttpd - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22707"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:lighttpd", "p-cpe:/a:debian:debian_linux:lighttpd-doc", "p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet", "p-cpe:/a:debian:debian_linux:lighttpd-mod-maxminddb", "p-cpe:/a:debian:debian_linux:lighttpd-mod-mbedtls", "p-cpe:/a:debian:debian_linux:lighttpd-mod-mysql-vhost", "p-cpe:/a:debian:debian_linux:lighttpd-mod-nss", "p-cpe:/a:debian:debian_linux:lighttpd-mod-openssl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql", "p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav", "p-cpe:/a:debian:debian_linux:lighttpd-mod-wolfssl", "p-cpe:/a:debian:debian_linux:lighttpd-modules-dbi", "p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap", "p-cpe:/a:debian:debian_linux:lighttpd-modules-lua", "p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:11.0", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-ldap", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-mysql", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-cml", "p-cpe:/a:debian:debian_linux:lighttpd-mod-deflate", "p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip"], "id": "DEBIAN_DSA-5040.NASL", "href": "https://www.tenable.com/plugins/nessus/156651", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5040. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156651);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2022-22707\");\n\n script_name(english:\"Debian DSA-5040-1 : lighttpd - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5040\nadvisory.\n\n - In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has\n a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service\n (daemon crash) in a non-default configuration. The non-default configuration requires handling of the\n Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected\n than a 64-bit system. (CVE-2022-22707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/lighttpd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-22707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/lighttpd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/lighttpd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the lighttpd packages.\n\nFor the stable distribution (bullseye), this problem has been fixed in version 1.4.59-1+deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22707\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-maxminddb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-mbedtls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-mysql-vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-wolfssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+|^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0 / 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'lighttpd', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-doc', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-gssapi', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-ldap', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-mysql', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-pam', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-sasl', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-cml', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-deflate', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-geoip', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-magnet', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-maxminddb', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-mbedtls', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-mysql-vhost', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-nss', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-openssl', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-trigger-b4-dl', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-vhostdb-dbi', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-vhostdb-pgsql', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-webdav', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-wolfssl', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-modules-dbi', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-modules-ldap', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-modules-lua', 'reference': '1.4.53-4+deb10u2'},\n {'release': '10.0', 'prefix': 'lighttpd-modules-mysql', 'reference': '1.4.53-4+deb10u2'},\n {'release': '11.0', 'prefix': 'lighttpd', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-doc', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-gssapi', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-ldap', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-mysql', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-pam', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-sasl', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-cml', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-deflate', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-geoip', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-magnet', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-maxminddb', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-mbedtls', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-mysql-vhost', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-nss', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-openssl', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-trigger-b4-dl', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-vhostdb-dbi', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-vhostdb-pgsql', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-webdav', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-wolfssl', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-dbi', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-ldap', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-lua', 'reference': '1.4.59-1+deb11u1'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-mysql', 'reference': '1.4.59-1+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd / lighttpd-doc / lighttpd-mod-authn-gssapi / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:48:53", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0024-1 advisory.\n\n - In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. (CVE-2022-22707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-03T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : lighttpd (openSUSE-SU-2022:0024-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22707"], "modified": "2022-02-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-mod_authn_gssapi", "p-cpe:/a:novell:opensuse:lighttpd-mod_authn_ldap", "p-cpe:/a:novell:opensuse:lighttpd-mod_authn_pam", "p-cpe:/a:novell:opensuse:lighttpd-mod_authn_sasl", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "p-cpe:/a:novell:opensuse:lighttpd-mod_maxminddb", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_dbi", "p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_ldap", "p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_mysql", "p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_pgsql", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0024-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157348", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0024-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157348);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/03\");\n\n script_cve_id(\"CVE-2022-22707\");\n\n script_name(english:\"openSUSE 15 Security Update : lighttpd (openSUSE-SU-2022:0024-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2022:0024-1 advisory.\n\n - In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has\n a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service\n (daemon crash) in a non-default configuration. The non-default configuration requires handling of the\n Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected\n than a 64-bit system. (CVE-2022-22707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194376\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6P5G6MJW4Q5RKKPO7TS5CLAAEQ2QUYBE/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c726f21b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22707\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22707\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_authn_gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_authn_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_authn_pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_authn_sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_maxminddb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'lighttpd-1.4.64-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_magnet-1.4.64-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_webdav-1.4.64-bp153.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd / lighttpd-mod_authn_gssapi / lighttpd-mod_authn_ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T19:05:34", "description": "The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-c26b19568d advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-23T00:00:00", "type": "nessus", "title": "Fedora 35 : lighttpd (2022-c26b19568d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41556"], "modified": "2023-09-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:35", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "id": "FEDORA_2022-C26B19568D.NASL", "href": "https://www.tenable.com/plugins/nessus/169260", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-c26b19568d\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169260);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/12\");\n\n script_cve_id(\"CVE-2022-41556\");\n script_xref(name:\"FEDORA\", value:\"2022-c26b19568d\");\n\n script_name(english:\"Fedora 35 : lighttpd (2022-c26b19568d)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the\nFEDORA-2022-c26b19568d advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-c26b19568d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected lighttpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^35([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 35', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'lighttpd-1.4.67-1.fc35', 'release':'FC35', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:06", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5243 advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-29T00:00:00", "type": "nessus", "title": "Debian DSA-5243-1 : lighttpd - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:lighttpd", "p-cpe:/a:debian:debian_linux:lighttpd-doc", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-cml", "p-cpe:/a:debian:debian_linux:lighttpd-mod-deflate", "p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip", "p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet", "p-cpe:/a:debian:debian_linux:lighttpd-mod-maxminddb", "p-cpe:/a:debian:debian_linux:lighttpd-mod-mbedtls", "p-cpe:/a:debian:debian_linux:lighttpd-mod-nss", "p-cpe:/a:debian:debian_linux:lighttpd-mod-openssl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql", "p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav", "p-cpe:/a:debian:debian_linux:lighttpd-mod-wolfssl", "p-cpe:/a:debian:debian_linux:lighttpd-modules-dbi", "p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap", "p-cpe:/a:debian:debian_linux:lighttpd-modules-lua", "p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5243.NASL", "href": "https://www.tenable.com/plugins/nessus/165548", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5243. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165548);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-37797\", \"CVE-2022-41556\");\n\n script_name(english:\"Debian DSA-5243-1 : lighttpd - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5243 advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/lighttpd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-37797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-41556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/lighttpd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the lighttpd packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 1.4.59-1+deb11u2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-maxminddb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-mbedtls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-wolfssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'lighttpd', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-doc', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-gssapi', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-pam', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-sasl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-cml', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-deflate', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-geoip', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-magnet', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-maxminddb', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-mbedtls', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-nss', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-openssl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-trigger-b4-dl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-vhostdb-dbi', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-vhostdb-pgsql', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-webdav', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-wolfssl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-dbi', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-ldap', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-lua', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-mysql', 'reference': '1.4.59-1+deb11u2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd / lighttpd-doc / lighttpd-mod-authn-gssapi / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:51", "description": "The remote host is affected by the vulnerability described in GLSA-202210-12 (Lighttpd: Denial of Service)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-31T00:00:00", "type": "nessus", "title": "GLSA-202210-12 : Lighttpd: Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-10-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:lighttpd", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202210-12.NASL", "href": "https://www.tenable.com/plugins/nessus/166723", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202210-12.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166723);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/31\");\n\n script_cve_id(\"CVE-2022-37797\", \"CVE-2022-41556\");\n\n script_name(english:\"GLSA-202210-12 : Lighttpd: Denial of Service\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202210-12 (Lighttpd: Denial of Service)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202210-12\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=869890\");\n script_set_attribute(attribute:\"solution\", value:\n\"All lighttpd users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-servers/lighttpd-1.4.67\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude('qpkg.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');\nif (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : 'www-servers/lighttpd',\n 'unaffected' : make_list(\"ge 1.4.67\", \"lt 1.0.0\"),\n 'vulnerable' : make_list(\"lt 1.4.67\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Lighttpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T21:40:45", "description": "This Solaris system is missing necessary patches to address critical security updates :\n\n - Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (glibc)). Supported versions that are affected are 8.4, 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H).\n (CVE-2022-23219)\n\n - Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (glibc)). The supported version that is affected is 22.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\n (CVE-2022-23218)\n\n - Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component:\n Policy (GNU Libtasn1)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy.\n Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).\n (CVE-2021-46848)\n\n - Vulnerability in the Oracle Text (LibExpat) component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Index privilege with network access via Oracle Net to compromise Oracle Text (LibExpat). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Text (LibExpat). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-43680)\n\n - Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Python)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.\n CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-45061)\n\n - Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 4.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L).\n (CVE-2023-21900)", "cvss3": {}, "published": "2023-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Critical Patch Update : jan2023_SRU11_4_53_132_2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46848", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-3204", "CVE-2022-3276", "CVE-2022-37797", "CVE-2022-39253", "CVE-2022-39260", "CVE-2022-3970", "CVE-2022-41556", "CVE-2022-43680", "CVE-2022-44638", "CVE-2022-45061", "CVE-2022-45063", "CVE-2022-46872", "CVE-2022-46874", "CVE-2022-46875", "CVE-2022-46878", "CVE-2022-46880", "CVE-2022-46881", "CVE-2022-46882", "CVE-2023-21900"], "modified": "2023-07-21T00:00:00", "cpe": ["cpe:/o:oracle:solaris"], "id": "SOLARIS_JAN2023_SRU11_4_53_132_2.NASL", "href": "https://www.tenable.com/plugins/nessus/170171", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle CPU for jan2023.\n#\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(170171);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/21\");\n\n script_cve_id(\"CVE-2021-46848\", \"CVE-2022-23218\", \"CVE-2022-23219\", \"CVE-2022-3204\", \"CVE-2022-3276\", \"CVE-2022-37797\", \"CVE-2022-39253\", \"CVE-2022-39260\", \"CVE-2022-3970\", \"CVE-2022-41556\", \"CVE-2022-43680\", \"CVE-2022-44638\", \"CVE-2022-45061\", \"CVE-2022-45063\", \"CVE-2022-46872\", \"CVE-2022-46874\", \"CVE-2022-46875\", \"CVE-2022-46878\", \"CVE-2022-46880\", \"CVE-2022-46881\", \"CVE-2022-46882\", \"CVE-2023-21900\");\n script_xref(name:\"IAVA\", value:\"2023-A-0046\");\n\n script_name(english:\"Oracle Solaris Critical Patch Update : jan2023_SRU11_4_53_132_2\");\n script_summary(english:\"Check for the jan2023 CPU\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Solaris system is missing a security patch from CPU\njan2023.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This Solaris system is missing necessary patches to address critical\nsecurity updates :\n\n - Vulnerability in the Oracle Communications Session\n Border Controller product of Oracle Communications\n (component: Routing (glibc)). Supported versions that\n are affected are 8.4, 9.0 and 9.1. Difficult to exploit\n vulnerability allows unauthenticated attacker with\n network access via HTTP to compromise Oracle\n Communications Session Border Controller. Successful\n attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash\n (complete DOS) of Oracle Communications Session Border\n Controller as well as unauthorized update, insert or\n delete access to some of Oracle Communications Session\n Border Controller accessible data and unauthorized read\n access to a subset of Oracle Communications Session\n Border Controller accessible data. CVSS 3.1 Base Score\n 7.0 (Confidentiality, Integrity and Availability\n impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H).\n (CVE-2022-23219)\n\n - Vulnerability in the Oracle Communications Cloud Native\n Core Unified Data Repository product of Oracle\n Communications (component: Signaling (glibc)). The\n supported version that is affected is 22.1.1. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via HTTP to compromise\n Oracle Communications Cloud Native Core Unified Data\n Repository. Successful attacks of this vulnerability can\n result in takeover of Oracle Communications Cloud Native\n Core Unified Data Repository. CVSS 3.1 Base Score 9.8\n (Confidentiality, Integrity and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\n (CVE-2022-23218)\n\n - Vulnerability in the Oracle Communications Cloud Native\n Core Policy product of Oracle Communications (component:\n Policy (GNU Libtasn1)). Supported versions that are\n affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via HTTPS to compromise\n Oracle Communications Cloud Native Core Policy.\n Successful attacks of this vulnerability can result in\n unauthorized access to critical data or complete access\n to all Oracle Communications Cloud Native Core Policy\n accessible data and unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of Oracle\n Communications Cloud Native Core Policy. CVSS 3.1 Base\n Score 9.1 (Confidentiality and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).\n (CVE-2021-46848)\n\n - Vulnerability in the Oracle Text (LibExpat) component of\n Oracle Database Server. Supported versions that are\n affected are 19.3-19.19 and 21.3-21.10. Easily\n exploitable vulnerability allows low privileged attacker\n having Create Session, Create Index privilege with\n network access via Oracle Net to compromise Oracle Text\n (LibExpat). Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of Oracle\n Text (LibExpat). CVSS 3.1 Base Score 6.5 (Availability\n impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-43680)\n\n - Vulnerability in the PeopleSoft Enterprise PeopleTools\n product of Oracle PeopleSoft (component: Porting\n (Python)). Supported versions that are affected are 8.59\n and 8.60. Easily exploitable vulnerability allows\n unauthenticated attacker with network access via HTTP to\n compromise PeopleSoft Enterprise PeopleTools. Successful\n attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash\n (complete DOS) of PeopleSoft Enterprise PeopleTools.\n CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-45061)\n\n - Vulnerability in the Oracle Solaris product of Oracle\n Systems (component: NSSwitch). Supported versions that\n are affected are 10 and 11. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n Oracle Solaris. Successful attacks require human\n interaction from a person other than the attacker and\n while the vulnerability is in Oracle Solaris, attacks\n may significantly impact additional products (scope\n change). Successful attacks of this vulnerability can\n result in unauthorized update, insert or delete access\n to some of Oracle Solaris accessible data and\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Oracle Solaris. CVSS 3.1 Base\n Score 4.0 (Integrity and Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L).\n (CVE-2023-21900)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2920776.1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/docs/tech/security-alerts/cpujan2023cvrf.xml\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/security-alerts/cpujan2023.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Install the jan2023 CPU from the Oracle support website.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\n\n\nfix_release = \"11.4-11.4.53.0.1.132.2\";\n\nflag = 0;\n\nif (solaris_check_release(release:\"11.4-11.4.53.0.1.132.2\", sru:\"11.4.53.132.2\") > 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report2());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_OS_RELEASE_NOT, \"Solaris\", fix_release, release);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "cnvd": [{"lastseen": "2022-10-20T17:19:52", "description": "lighttpd is an open source web server. buffer overflow vulnerability exists in versions 1.4.46 to 1.4.63 of lighttpd, which stems from the failure of the mod_extforward_Forwarded function in the product's mod_extforward plugin to effectively handle memory boundaries. An attacker could exploit this vulnerability to cause a buffer overflow.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-08T00:00:00", "type": "cnvd", "title": "lighttpd buffer overflow vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707"], "modified": "2022-10-20T00:00:00", "id": "CNVD-2022-70073", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-70073", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2023-04-18T06:28:55", "description": "lighttpd is vulnerable to buffer overflow. The vulnerability exists due to a lack of sanitization in the mod_extforward_Forwarded function of the mod_extforward plugin allows attackers to cause a Denial of Service. \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-15T12:07:00", "type": "veracode", "title": "Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707"], "modified": "2022-01-24T10:24:22", "id": "VERACODE:33703", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33703/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T19:53:30", "description": "lighttpd is vulnerable to denial of service. The vulnerability exists in `gw_backend.c` where there is a resource leak which will lead to a connection slot exhaustion after a large amount of anomalous TCP behavior causing an application crash. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-11T13:39:08", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-06T01:17:04", "id": "VERACODE:37510", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37510/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "alpinelinux": [{"lastseen": "2023-06-23T11:06:38", "description": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-06T06:15:00", "type": "alpinelinux", "title": "CVE-2022-22707", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707"], "modified": "2022-01-13T20:52:00", "id": "ALPINE:CVE-2022-22707", "href": "https://security.alpinelinux.org/vuln/CVE-2022-22707", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-22T16:11:33", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T18:17:00", "type": "alpinelinux", "title": "CVE-2022-41556", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-03T01:14:00", "id": "ALPINE:CVE-2022-41556", "href": "https://security.alpinelinux.org/vuln/CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2023-06-18T15:08:17", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5040-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 11, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lighttpd\nCVE ID : CVE-2022-22707\n\nAn out-of-bounds memory access was discovered in the mod_extforward plugin of\nthe lighttpd web server, which may result in denial of service.\n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 1.4.53-4+deb10u2.\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 1.4.59-1+deb11u1.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFor the detailed security status of lighttpd please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/lighttpd\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-11T19:42:26", "type": "debian", "title": "[SECURITY] [DSA 5040-1] lighttpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707"], "modified": "2022-01-11T19:42:26", "id": "DEBIAN:DSA-5040-1:58775", "href": "https://lists.debian.org/debian-security-announce/2022/msg00006.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-03T22:11:25", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5243-1 security@debian.org\nhttps://www.debian.org/security/ Helmut Grohne\nSeptember 28, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lighttpd\nCVE ID : CVE-2022-37797 CVE-2022-41556\n\nSeveral vulnerabilities were discovered in lighttpd, a fast webserver\nwith minimal memory footprint.\n\nCVE-2022-37797\n\n An invalid HTTP request (websocket handshake) may cause a NULL\n pointer dereference in the wstunnel module.\n\nCVE-2022-41556\n\n A resource leak in mod_fastcgi and mod_scgi could lead to a denial\n of service after a large number of bad HTTP requests.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.4.59-1+deb11u2.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFor the detailed security status of lighttpd please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/lighttpd\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-28T16:05:19", "type": "debian", "title": "[SECURITY] [DSA 5243-1] lighttpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-09-28T16:05:19", "id": "DEBIAN:DSA-5243-1:A6710", "href": "https://lists.debian.org/debian-security-announce/2022/msg00212.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-08-15T15:51:09", "description": "In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-06T06:15:00", "type": "prion", "title": "CVE-2022-22707", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707"], "modified": "2022-01-13T20:52:00", "id": "PRION:CVE-2022-22707", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-22707", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-15T21:50:45", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T18:17:00", "type": "prion", "title": "CVE-2022-41556", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-03T01:14:00", "id": "PRION:CVE-2022-41556", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redos": [{"lastseen": "2023-09-08T14:27:04", "description": "Vulnerability of lighttpd web server is related to memory leak in mod_fastcgi and mod_scgi modules while processing a large number of incorrect HTTP requests.\r\n a large number of malformed HTTP requests. Exploiting the vulnerability could allow an attacker,\r\n acting remotely, send multiple invalid HTTP requests to a web server and execute a denial of service attack.\r\n \"denial of service", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-07T00:00:00", "type": "redos", "title": "ROS-20221007-02", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-10-07T00:00:00", "id": "ROS-20221007-02", "href": "https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-lighttpd-cve-2022-41556/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2023-06-03T15:07:32", "description": "lighttpd (pronounced /lighty/) is a secure, fast, compliant, and very flexi ble web server that has been optimized for high-performance environments. light tpd uses memory and CPU efficiently and has lower resource use than other popul ar web servers. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compressi on, URL-Rewriting and much more) make lighttpd the perfect web server for all systems, small and large. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-05T13:50:55", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: lighttpd-1.4.67-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-10-05T13:50:55", "id": "FEDORA:0076E306E5CF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OVOSBSCMLGCHH2Z74H64ZWVDFJFQTBC2/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2023-06-03T15:07:29", "description": "### Background\n\nLighttpd is a lightweight high-performance web server.\n\n### Description\n\nLighttpd's mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received.\n\n### Impact\n\nAn attacker can trigger a denial of service via making Lighttpd try to call an uninitialized function pointer.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll lighttpd users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/lighttpd-1.4.67\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-31T00:00:00", "type": "gentoo", "title": "Lighttpd: Denial of Service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-10-31T00:00:00", "id": "GLSA-202210-12", "href": "https://security.gentoo.org/glsa/202210-12", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}