openvas | Copyright (C) 2016 SCHUTZWERK GmbH | OPENVAS:1361412562310111079
HistoryJan 27, 2016 - 12:00 a.m.

Lighttpd Server Detection (HTTP)

2016-01-27 00:00:00
Copyright (C) 2016 SCHUTZWERK GmbH
plugins.openvas.org

HTTP based detection of the Lighttpd HTTP server.

# SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

# nb: Metadata only. When the script is run with "description" set, this block registers the OID,
# tags, dependencies and the required KB key and exits before any of the detection code below.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.111079");
  script_version("2024-06-11T05:05:40+0000");
  script_tag(name:"last_modification", value:"2024-06-11 05:05:40 +0000 (Tue, 11 Jun 2024)");
  script_tag(name:"creation_date", value:"2016-01-27 11:00:00 +0100 (Wed, 27 Jan 2016)");
  # nb: Detection only, no vulnerability is reported: score 0.0 and a vector without any C/I/A
  # impact.
  script_tag(name:"cvss_base", value:"0.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
  script_name("Lighttpd Server Detection (HTTP)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2016 SCHUTZWERK GmbH");
  script_family("Product detection");
  script_dependencies("gb_get_http_banner.nasl");
  script_require_ports("Services/www", 80);
  # nb: gb_get_http_banner.nasl is also checking for the "If you find" string used below and is
  # setting this KB key in that case so we can keep it like this here.
  script_mandatory_keys("lighttpd/banner");

  script_xref(name:"URL", value:"https://www.lighttpd.net/");

  script_tag(name:"summary", value:"HTTP based detection of the Lighttpd HTTP server.");

  # nb: remote_banner = the result rests on what the service reports about itself (Server header,
  # default page text). Both can be changed or removed by whoever operates the server, so the
  # detected product and version are indicative only.
  script_tag(name:"qod_type", value:"remote_banner");

  exit(0);
}

include("cpe.inc");
include("host_details.inc");
include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");

# Select the HTTP port to test (80 if none is passed in) and read the response headers of the
# service via http_get_remote_headers().
port = http_get_port( default:80 );

# nb: Without any headers there is nothing to evaluate, so the script ends without a result.
if( ! banner = http_get_remote_headers( port:port ) )
  exit( 0 );

# Page that is requested for the second indicator and named in the report.
url = "/";

# First indicator: a Server header line starting with "lighttpd".
# nb:
# - The header is sent by the remote service and fully under control of its operator. Here it is
#   only compared against a fixed pattern and the matching line(s) are kept as evidence.
# - Matching is case-sensitive (icase:FALSE), only the header name spellings "Server" and "server"
#   are covered by the pattern.
# Server: lighttpd/1.4.55
# Server: lighttpd
# Server: lighttpd/1.4.26-devel-v14.12.2-r1
# Server: lighttpd/1.4.69
if( concl = egrep( string:banner, pattern:"^[Ss]erver\s*:\s*lighttpd", icase:FALSE ) ) {
  # nb: Indented by two spaces, trailing newline removed, for the "concluded" part of the report.
  concluded = "  " + chomp( concl );
  found = TRUE;
}

# Second indicator: the bug report notice of the Lighttpd package in the page served at "url".
# nb: This check does not depend on the Server header match, so it can still flag an installation
# whose Server header was changed, as long as the page with this notice is still served.
res = http_get_cache( item:url, port:port );
if( concl = egrep( string:res, pattern:"^\s*If you find a bug in this Lighttpd package, or in Lighttpd itself, please file a bug report on it\.", icase:FALSE ) ) {
  # nb: Minor formatting change for the reporting.
  concl = ereg_replace( string:concl, pattern:"^(\s+)", replace:"" );
  # nb: If the Server header already contributed evidence the page text goes on a line of its own.
  if( concluded )
    concluded += '\n';
  concluded += "  " + chomp( concl );
  found = TRUE;
}

# nb:
# - Lighttpd seems to not have a standard "Error page" (unlike e.g. nginx) which we could use for a
#   detection
# - Lighttpd seems to be at least partly also running on Windows so no OS detection from the banner
#   for now (some basic OS detection from the default page is done in sw_http_os_detection.nasl)

# Reporting: runs once at least one of the two indicators matched. Writes the KB entries, derives
# version and CPE, registers the product and logs the detection report.
if( found ) {

  conclUrl = http_report_vuln_url( port:port, url:url, url_only:TRUE );
  # nb: Stays "unknown" if the Server header carries no version (e.g. detection via page text only).
  version = "unknown";
  install = port + "/tcp";

  # nb:
  # - To tell http_can_host_asp and http_can_host_php from http_func.inc that the service is
  #   supporting these
  # - Product can definitely host PHP scripts
  # - Might be also used as a reverse proxy to systems able to host ASP scripts
  replace_kb_item( name:"www/" + port + "/can_host_php", value:"yes" );
  replace_kb_item( name:"www/" + port + "/can_host_asp", value:"yes" );

  # nb: The version is self-reported by the target via the Server header. It may be missing or
  # altered, so anything relying on this version inherits the banner-level reliability.
  # nb: Currently unclear why the second pattern was added. No examples have been given in the past
  # so this was kept for now.
  vers = eregmatch( pattern:"[Ss]erver\s*:\s*lighttpd/([0-9.]+)(-[0-9.]+)?", string:banner, icase:FALSE );
  if( vers[1] ) {
    version = vers[1];
    if( vers[2] ) {
      # nb: The "-" of a numeric suffix is turned into "." before it is appended, e.g. a
      # (constructed) "lighttpd/1.4.0-1" ends up as version 1.4.0.1.
      vers[2] = ereg_replace( string:vers[2], pattern:"-", replace:"." );
      version = version + vers[2];
    }
  }

  # nb: Generic and HTTP specific "detected" KB keys (presumably what dependent VTs key on).
  set_kb_item( name:"lighttpd/detected", value:TRUE );
  set_kb_item( name:"lighttpd/http/detected", value:TRUE );

  # nb: "exp" requires the version to start with digits / dots. Presumably build_cpe() returns
  # nothing for "unknown", in which case the CPE without a version part is used.
  cpe = build_cpe( value:version, exp:"^([0-9.]+)", base:"cpe:/a:lighttpd:lighttpd:" );
  if( ! cpe )
    cpe = "cpe:/a:lighttpd:lighttpd";

  register_product( cpe:cpe, location:install, port:port, service:"www" );

  # nb: "concluded" holds the matched header line(s) and / or page text as received from the
  # target, it is passed into the report text unchanged.
  log_message( data:build_detection_report( app:"Lighttpd",
                                            version:version,
                                            install:install,
                                            cpe:cpe,
                                            concludedUrl:conclUrl,
                                            concluded:concluded ),
               port:port );
}

exit( 0 );
