Search...

lighttpd mod_access.c Crafted URL url.access-deny Bypass

2007-06-15T17:51:07

ID OSVDB:38311
Type osvdb
Reporter OSVDB
Modified 2007-06-15T17:51:07

Description

Solution Description

Upgrade to version 1.4.16 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it Vendor Specific News/Changelog Entry: http://trac.lighttpd.net/trac/changeset/1871 Vendor Specific News/Changelog Entry: http://trac.lighttpd.net/trac/ticket/1230 Secunia Advisory ID:26593 Secunia Advisory ID:22588 Secunia Advisory ID:26505 Secunia Advisory ID:26130 Secunia Advisory ID:26158 Related OSVDB ID: 38312 Related OSVDB ID: 38308 Related OSVDB ID: 38314 Related OSVDB ID: 38318 Related OSVDB ID: 38313 Other Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-July/000214.html Other Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00003.html Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200708-11.xml Other Advisory URL: http://security.gentoo.org/glsa/glsa-200708-11.xml Other Advisory URL: http://www.novell.com/linux/security/advisories/2007_15_sr.html Other Advisory URL: http://www.debian.org/security/2007/dsa-1362 FrSIRT Advisory: ADV-2007-2585 CVE-2007-3949 Bugtraq ID: 24967

JSON Vulners Source

Initial Source

{"bulletinFamily": "software", "viewCount": 12, "reporter": "OSVDB", "references": [], "description": "## Solution Description\nUpgrade to version 1.4.16 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it\nVendor Specific News/Changelog Entry: http://trac.lighttpd.net/trac/changeset/1871\nVendor Specific News/Changelog Entry: http://trac.lighttpd.net/trac/ticket/1230\n[Secunia Advisory ID:26593](https://secuniaresearch.flexerasoftware.com/advisories/26593/)\n[Secunia Advisory ID:22588](https://secuniaresearch.flexerasoftware.com/advisories/22588/)\n[Secunia Advisory ID:26505](https://secuniaresearch.flexerasoftware.com/advisories/26505/)\n[Secunia Advisory ID:26130](https://secuniaresearch.flexerasoftware.com/advisories/26130/)\n[Secunia Advisory ID:26158](https://secuniaresearch.flexerasoftware.com/advisories/26158/)\n[Related OSVDB ID: 38312](https://vulners.com/osvdb/OSVDB:38312)\n[Related OSVDB ID: 38308](https://vulners.com/osvdb/OSVDB:38308)\n[Related OSVDB ID: 38314](https://vulners.com/osvdb/OSVDB:38314)\n[Related OSVDB ID: 38318](https://vulners.com/osvdb/OSVDB:38318)\n[Related OSVDB ID: 38313](https://vulners.com/osvdb/OSVDB:38313)\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-July/000214.html\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00003.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200708-11.xml\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200708-11.xml\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_15_sr.html\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1362\nFrSIRT Advisory: ADV-2007-2585\n[CVE-2007-3949](https://vulners.com/cve/CVE-2007-3949)\nBugtraq ID: 24967\n", "affectedSoftware": [], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "fad24158d2e5f690b99992b90e8e2d07"}, {"key": "cvss", "hash": "1ca44ee72b2de6c01b9d2e65d78cf0c3"}, {"key": "description", "hash": "ada33b4a518e6bd6606effb96e289077"}, {"key": "href", "hash": "b66a10052455941e5a3cf6386d82c43a"}, {"key": "modified", "hash": "cecfdd0dee302bd8defc35fa947a798e"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "cecfdd0dee302bd8defc35fa947a798e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "e922ae97c7dcb18ee6c1d2bfb10e272c"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "href": "https://vulners.com/osvdb/OSVDB:38311", "modified": "2007-06-15T17:51:07", "objectVersion": "1.2", "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2017-04-28T13:20:34"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-3949"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8066", "SECURITYVULNS:DOC:17829"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1362-1:5B477"]}, {"type": "nessus", "idList": ["SUSE_LIGHTTPD-3985.NASL", "LIGHTTPD_1_4_16.NASL", "GENTOO_GLSA-200708-11.NASL", "FREEBSD_PKG_FC9C217E379111DCBB1A000FEA449B8A.NASL", "DEBIAN_DSA-1362.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:58581", "OPENVAS:58546", "OPENVAS:58828"]}, {"type": "freebsd", "idList": ["FC9C217E-3791-11DC-BB1A-000FEA449B8A"]}, {"type": "gentoo", "idList": ["GLSA-200708-11"]}], "modified": "2017-04-28T13:20:34"}, "vulnersScore": 6.6}, "id": "OSVDB:38311", "title": "lighttpd mod_access.c Crafted URL url.access-deny Bypass", "hash": "5dc3c7b3821c2daa90f1eaea3bb9ae123f0e49f118941dd98660ca584aecdb5f", "edition": 1, "published": "2007-06-15T17:51:07", "type": "osvdb", "history": [], "cvss": {"score": 8.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "cvelist": ["CVE-2007-3949"], "lastseen": "2017-04-28T13:20:34"}

{"cve": [{"lastseen": "2019-05-29T18:09:00", "bulletinFamily": "NVD", "description": "mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.\nVenbdor has released upgrade: http://trac.lighttpd.net/trac/", "modified": "2018-10-15T21:32:00", "id": "CVE-2007-3949", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3949", "published": "2007-07-24T00:30:00", "title": "CVE-2007-3949", "type": "cve", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "description": "Multiple memory corruption on request headers parsing.", "modified": "2007-08-17T00:00:00", "published": "2007-08-17T00:00:00", "id": "SECURITYVULNS:VULN:8066", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8066", "title": "Lighttpd multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 8.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:23", "bulletinFamily": "software", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200708-11\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Lighttpd: Multiple vulnerabilities\r\n Date: August 16, 2007\r\n Bugs: #185442\r\n ID: 200708-11\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nSeveral vulnerabilities were reported in Lighttpd, most of them\r\nallowing a Denial of Service and potentially the remote execution of\r\narbitrary code.\r\n\r\nBackground\r\n==========\r\n\r\nLighttpd is a lightweight HTTP web server.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 www-servers/lighttpd < 1.4.16 >= 1.4.16\r\n\r\nDescription\r\n===========\r\n\r\nStefan Esser discovered errors with evidence of memory corruption in\r\nthe code parsing the headers. Several independent researchers also\r\nreported errors involving the handling of HTTP headers, the mod_auth\r\nand mod_scgi modules, and the limitation of active connections.\r\n\r\nImpact\r\n======\r\n\r\nA remote attacker can trigger any of these vulnerabilities by sending\r\nmalicious data to the server, which may lead to a crash or memory\r\nexhaustion, and potentially the execution of arbitrary code.\r\nAdditionally, access-deny settings can be evaded by appending a final /\r\nto a URL.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll Lighttpd users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=www-servers/lighttpd-1.4.16"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2007-3946\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3946\r\n [ 2 ] CVE-2007-3947\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3947\r\n [ 3 ] CVE-2007-3948\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3948\r\n [ 4 ] CVE-2007-3949\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3949\r\n [ 5 ] CVE-2007-3950\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3950\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200708-11.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2007 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5", "modified": "2007-08-17T00:00:00", "published": "2007-08-17T00:00:00", "id": "SECURITYVULNS:DOC:17829", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17829", "title": "[ GLSA 200708-11 ] Lighttpd: Multiple vulnerabilities", "type": "securityvulns", "cvss": {"score": 8.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:03", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1362 security@debian.org\nhttp://www.debian.org/security/ Steve Kemp\nAugust 29th, 2007 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : various\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-3946\nDebian Bug : 434888\n\nSeveral vulnerabilities were discovered in lighttpd, a fast webserver with\nminimal memory footprint. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-3946\n\n The use of mod_auth could leave to a denial of service attack crashing\n the webserver\n\nCVE-2007-3947\n\n The improper handling of repeated HTTP headers could cause a denial\n of serve attack crashing the webserver.\n\nCVE-2007-3949\n\n A bug in mod_access potentially allows remote users to bypass\n access restrictions via trailing slash characters.\n\nCVE-2007-3950\n\n On 32-bit platforms users may be able to create denial of service\n attacks, crashing the webserver, via mod_webdav, mod_fastcgi, or\n mod_scgi.\n\n\nFor the stable distribution (etch), these problems have been fixed in version\n1.4.13-4etch3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.4.16-1.\n\nWe recommend that you upgrade your lighttpd package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz\n Size/MD5 checksum: 793309 3a64323b8482b0e8a6246dbfdb4c39dc\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3.dsc\n Size/MD5 checksum: 1098 e759ee83cf22697f62b11df286973b7a\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3.diff.gz\n Size/MD5 checksum: 33811 259574ed674f31dd8c44dc46809656bb\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch3_all.deb\n Size/MD5 checksum: 99376 c4ea0d3adca48f1c749b4c3e49293bba\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch3_alpha.deb\n Size/MD5 checksum: 71460 8b25398ab656e85d82ef611d7110191c\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_alpha.deb\n Size/MD5 checksum: 64650 d023bc4775d81b0f0be9d56043d2d893\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3_alpha.deb\n Size/MD5 checksum: 318496 54eb4b6bdfcf41c72f5d3b2f8f91778d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch3_alpha.deb\n Size/MD5 checksum: 59244 6098a74659117029c062132179e88a96\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch3_alpha.deb\n Size/MD5 checksum: 60996 2c30d7179beeea97d1e868d34cc314c5\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch3_alpha.deb\n Size/MD5 checksum: 64226 36bdb8c2ecbe874aaec676cd7c3992c9\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch3_amd64.deb\n Size/MD5 checksum: 60664 8b1e4185d6961a8dd6823c90b698d1a0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch3_amd64.deb\n Size/MD5 checksum: 63542 420d82c389da7a774118495eca87ae76\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch3_amd64.deb\n Size/MD5 checksum: 58986 17e377ca088aaa2f5fcb84902eaa75da\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_amd64.deb\n Size/MD5 checksum: 63870 02499705ef7a069be4df2fff55fbfd97\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3_amd64.deb\n Size/MD5 checksum: 297416 9931993931036ec2252d39cade28bc09\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch3_amd64.deb\n Size/MD5 checksum: 70150 3665d99b3aa0153ad51168a392e3dbfd\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_arm.deb\n Size/MD5 checksum: 62766 dfa6a35455776fd429420bdac95f3d6a\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch3_arm.deb\n Size/MD5 checksum: 62624 87ad57adafd7dac22bace1b3f78c3a8d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch3_arm.deb\n Size/MD5 checksum: 58522 e919dd7724d7ed3cbf69c06a07cda5c6\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch3_arm.deb\n Size/MD5 checksum: 60450 d97c010d5a7a732d7b72b0999b1d2981\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch3_arm.deb\n Size/MD5 checksum: 69582 6a73b105d5640f06676ed67f4f377702\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3_arm.deb\n Size/MD5 checksum: 288496 7d4e2ad91b8b4d5e7508112a2702e7a2\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch3_hppa.deb\n Size/MD5 checksum: 72640 20e2a23db84c6087d2ceadf132237307\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch3_hppa.deb\n Size/MD5 checksum: 59588 b2cf574224dc849bfe7c1ad9e4934c55\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_hppa.deb\n Size/MD5 checksum: 65116 cb79c0db6b1d90fe0b5414707a982870\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3_hppa.deb\n Size/MD5 checksum: 323700 58b6d9a3e9f959109cebe9bd2568d084\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch3_hppa.deb\n Size/MD5 checksum: 61438 5670fd8056e890cfcee290d9905c1c6a\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch3_hppa.deb\n Size/MD5 checksum: 64662 e64d288444457ad1b39d6a6bf0744987\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch3_i386.deb\n Size/MD5 checksum: 60440 e3423b0c025ba70a649f93afb67c1cff\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3_i386.deb\n Size/MD5 checksum: 286996 802f3844967326a42ab410578f1a2828\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch3_i386.deb\n Size/MD5 checksum: 58648 af9b965e45f78ad92c8c77ca05e28e61\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch3_i386.deb\n Size/MD5 checksum: 70006 2195971aa95082d9a67a0ade17bb16b0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch3_i386.deb\n Size/MD5 checksum: 63114 f5796a135101dcc9c7f17ff4a2acfa54\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_i386.deb\n Size/MD5 checksum: 63354 c5f753b53e66c8d07130625835378379\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch3_ia64.deb\n Size/MD5 checksum: 60830 28f35d9770d96cbc7c3b08790ae363fc\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch3_ia64.deb\n Size/MD5 checksum: 66988 fc243d57a0019a596e4005e11f74c8d0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_ia64.deb\n Size/MD5 checksum: 67148 60a0c56991502c957200179f6b1a5b80\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3_ia64.deb\n Size/MD5 checksum: 403080 414aa7e0a26ef46678d49e6a818f2c5f\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch3_ia64.deb\n Size/MD5 checksum: 62702 1c554d315d8f1a2fd06ceffb8bdf4a09\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch3_ia64.deb\n Size/MD5 checksum: 76696 1e0d1beac8bb36bf5c82da00271748d3\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch3_mips.deb\n Size/MD5 checksum: 58958 3535829d49a0a3cf1675b430a7f86e61\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_mips.deb\n Size/MD5 checksum: 63148 0811ae02e2b242dd8b6daa11f49ab357\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch3_mips.deb\n Size/MD5 checksum: 63000 5f82b35e39c23618d616432c4fdf3d55\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch3_mips.deb\n Size/MD5 checksum: 69676 4e46069f91751eaf40526eed244049af\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch3_mips.deb\n Size/MD5 checksum: 60398 de38e5c12a8f2d5aab03d6dcb6c68fd4\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3_mips.deb\n Size/MD5 checksum: 296092 5cebdb3b6f4f300503dceec97ff5fdb1\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch3_mipsel.deb\n Size/MD5 checksum: 69648 ffa762a3a4041eee374b9735b00102f7\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch3_mipsel.deb\n Size/MD5 checksum: 60404 231b375e6591fbff5237fcfc560da580\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch3_mipsel.deb\n Size/MD5 checksum: 63012 335f6be5702df10dd0832a7a513142e8\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch3_mipsel.deb\n Size/MD5 checksum: 58930 09525411ab17b991b1b5da3ce0ef2271\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3_mipsel.deb\n Size/MD5 checksum: 296470 9e5d70e2dd6f5ad4fecdf25cc9e2be75\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_mipsel.deb\n Size/MD5 checksum: 63188 5d8c22a4a7f7f5f2e992f738fff56fc7\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch3_powerpc.deb\n Size/MD5 checksum: 60302 aa2ae5c7d472398201af510b2b98e8b7\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch3_powerpc.deb\n Size/MD5 checksum: 62116 802c522b2b36c25beb043f1aab7f378c\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch3_powerpc.deb\n Size/MD5 checksum: 71404 bdbd879e21dd5dfad5123f15b98c85f7\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch3_powerpc.deb\n Size/MD5 checksum: 64766 b53358fbebbfc721580ab21f4f568d53\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3_powerpc.deb\n Size/MD5 checksum: 323284 04c290e9fcb6480cc6c6ae0c1d73db3d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_powerpc.deb\n Size/MD5 checksum: 65046 d528c07e0631710b11549a91257ddbd4\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch3_s390.deb\n Size/MD5 checksum: 71002 17d6443af1d09e6d92d8e834110c8973\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_s390.deb\n Size/MD5 checksum: 64282 b398dfadbb6fb510ad625e7dadfa61e3\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch3_s390.deb\n Size/MD5 checksum: 59232 2917d6a60f6284120b1c48de4f2b9b9d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3_s390.deb\n Size/MD5 checksum: 306470 fe239b45d2201aeda34ad0395c881b74\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch3_s390.deb\n Size/MD5 checksum: 60734 0be7bc114adaa57a0d533979cbb94455\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch3_s390.deb\n Size/MD5 checksum: 63892 fdba3d63a19576948649939500d6df3c\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch3_sparc.deb\n Size/MD5 checksum: 60178 f9742d8dbcd105ebe444c90debbc53c0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch3_sparc.deb\n Size/MD5 checksum: 63058 90f636b132db3d505661cf1a21440e7b\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch3_sparc.deb\n Size/MD5 checksum: 69528 8c2e7bfb821352516818b338ede170bd\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch3_sparc.deb\n Size/MD5 checksum: 58524 c8c1a41cffbe1a0cf898c0540488f066\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_sparc.deb\n Size/MD5 checksum: 63084 8bb0811dd25d02eec370038f565b9318\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3_sparc.deb\n Size/MD5 checksum: 283548 b3c07e7896284eee5e945bf3356f0144\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2007-08-29T00:00:00", "published": "2007-08-29T00:00:00", "id": "DEBIAN:DSA-1362-1:5B477", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00124.html", "title": "[SECURITY] [DSA 1362-1] New lighttpd packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "nessus": [{"lastseen": "2019-11-03T12:30:06", "bulletinFamily": "scanner", "description": "Multiple bugs in lighttpd allowed remote attackers to crash lighttpd,\ncircumvent access restricions or even execute code. (CVE-2007-3946,\nCVE-2007-3947, CVE-2007-3948, CVE-2007-3949, CVE-2007-3950)", "modified": "2019-11-02T00:00:00", "id": "SUSE_LIGHTTPD-3985.NASL", "href": "https://www.tenable.com/plugins/nessus/27340", "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : lighttpd (lighttpd-3985)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update lighttpd-3985.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27340);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:30\");\n\n script_cve_id(\"CVE-2007-3946\", \"CVE-2007-3947\", \"CVE-2007-3948\", \"CVE-2007-3949\", \"CVE-2007-3950\");\n\n script_name(english:\"openSUSE 10 Security Update : lighttpd (lighttpd-3985)\");\n script_summary(english:\"Check for the lighttpd-3985 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple bugs in lighttpd allowed remote attackers to crash lighttpd,\ncircumvent access restricions or even execute code. (CVE-2007-3946,\nCVE-2007-3947, CVE-2007-3948, CVE-2007-3949, CVE-2007-3950)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-1.4.10-11.11\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-1.4.13-41.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-11-01T02:40:10", "bulletinFamily": "scanner", "description": "Secunia Advisory reports :\n\nSome vulnerabilities have been reported in lighttpd, which can be\nexploited by malicious people to bypass certain security restrictions\nor cause a DoS (Denial of Service).", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_FC9C217E379111DCBB1A000FEA449B8A.NASL", "href": "https://www.tenable.com/plugins/nessus/25788", "published": "2007-07-27T00:00:00", "title": "FreeBSD : lighttpd -- multiple vulnerabilities (fc9c217e-3791-11dc-bb1a-000fea449b8a)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25788);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:39\");\n\n script_cve_id(\"CVE-2007-3947\", \"CVE-2007-3948\", \"CVE-2007-3949\", \"CVE-2007-3950\");\n\n script_name(english:\"FreeBSD : lighttpd -- multiple vulnerabilities (fc9c217e-3791-11dc-bb1a-000fea449b8a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia Advisory reports :\n\nSome vulnerabilities have been reported in lighttpd, which can be\nexploited by malicious people to bypass certain security restrictions\nor cause a DoS (Denial of Service).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.lighttpd.net/trac/ticket/1216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.lighttpd.net/trac/ticket/1232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.lighttpd.net/trac/ticket/1230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.lighttpd.net/trac/ticket/1263\"\n );\n # https://vuxml.freebsd.org/freebsd/fc9c217e-3791-11dc-bb1a-000fea449b8a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea2b217c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lighttpd<1.4.15_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-11-01T02:40:17", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200708-11\n(Lighttpd: Multiple vulnerabilities)\n\n Stefan Esser discovered errors with evidence of memory corruption in\n the code parsing the headers. Several independent researchers also\n reported errors involving the handling of HTTP headers, the mod_auth\n and mod_scgi modules, and the limitation of active connections.\n \nImpact :\n\n A remote attacker can trigger any of these vulnerabilities by sending\n malicious data to the server, which may lead to a crash or memory\n exhaustion, and potentially the execution of arbitrary code.\n Additionally, access-deny settings can be evaded by appending a final /\n to a URL.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-200708-11.NASL", "href": "https://www.tenable.com/plugins/nessus/25917", "published": "2007-08-21T00:00:00", "title": "GLSA-200708-11 : Lighttpd: Multiple vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200708-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25917);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2007-3946\", \"CVE-2007-3947\", \"CVE-2007-3948\", \"CVE-2007-3949\", \"CVE-2007-3950\");\n script_xref(name:\"GLSA\", value:\"200708-11\");\n\n script_name(english:\"GLSA-200708-11 : Lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200708-11\n(Lighttpd: Multiple vulnerabilities)\n\n Stefan Esser discovered errors with evidence of memory corruption in\n the code parsing the headers. Several independent researchers also\n reported errors involving the handling of HTTP headers, the mod_auth\n and mod_scgi modules, and the limitation of active connections.\n \nImpact :\n\n A remote attacker can trigger any of these vulnerabilities by sending\n malicious data to the server, which may lead to a crash or memory\n exhaustion, and potentially the execution of arbitrary code.\n Additionally, access-deny settings can be evaded by appending a final /\n to a URL.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200708-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.16'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/08/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.16\"), vulnerable:make_list(\"lt 1.4.16\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Lighttpd\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-11-09T10:51:39", "bulletinFamily": "scanner", "description": "According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.16. It is, therefore, affected by multiple\nvulnerabilities :\n\n - mod_auth allows remote attackers to cause a denial of service\n via unspecified vectors involving (1) a memory leak, (2) use\n of md5-sess without a cnonce, (3) base64 encoded strings, and\n (4) trailing whitespace in the Auth-Digest header.\n (CVE-2007-3946)\n\n - The server allows remote attackers to cause a denial of\n service by sending an HTTP request with duplicate headers.\n (CVE-2007-3947)\n\n - The server might accept more connections than the configured\n maximum, which allows remote attackers to cause a denial of\n service via a large number of connection attempts.\n (CVE-2007-3948)\n\n - mod_access ignores trailing / (slash) characters in the URL,\n which allows remote attackers to bypass url.access-deny settings\n (CVE-2007-3949)\n\n - The server, when run on 32 bit platforms, allows remote attackers\n to cause a denial of service (daemon crash) via unspecified vectors\n involving the use of incompatible format specifiers in certain\n debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and\n (3) mod_webdav modules. (CVE-2007-3950)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application", "modified": "2019-11-02T00:00:00", "id": "LIGHTTPD_1_4_16.NASL", "href": "https://www.tenable.com/plugins/nessus/106623", "published": "2018-02-06T00:00:00", "title": "lighttpd < 1.4.16 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106623);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2007-3946\",\n \"CVE-2007-3947\",\n \"CVE-2007-3948\",\n \"CVE-2007-3949\",\n \"CVE-2007-3950\"\n );\n script_bugtraq_id(24967);\n\n script_name(english:\"lighttpd < 1.4.16 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.16. It is, therefore, affected by multiple\nvulnerabilities :\n\n - mod_auth allows remote attackers to cause a denial of service\n via unspecified vectors involving (1) a memory leak, (2) use\n of md5-sess without a cnonce, (3) base64 encoded strings, and\n (4) trailing whitespace in the Auth-Digest header.\n (CVE-2007-3946)\n\n - The server allows remote attackers to cause a denial of\n service by sending an HTTP request with duplicate headers.\n (CVE-2007-3947)\n\n - The server might accept more connections than the configured\n maximum, which allows remote attackers to cause a denial of\n service via a large number of connection attempts.\n (CVE-2007-3948)\n\n - mod_access ignores trailing / (slash) characters in the URL,\n which allows remote attackers to bypass url.access-deny settings\n (CVE-2007-3949)\n\n - The server, when run on 32 bit platforms, allows remote attackers\n to cause a denial of service (daemon crash) via unspecified vectors\n involving the use of incompatible format specifiers in certain\n debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and\n (3) mod_webdav modules. (CVE-2007-3950)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.16 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"lighttpd_detect.nasl\");\n script_require_keys(\"installed_sw/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.16\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-11-01T02:20:59", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in lighttpd, a fast webserver\nwith minimal memory footprint, which could allow the execution of\narbitrary code via the overflow of CGI variables when mod_fcgi was\nenabled. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2007-3946\n The use of mod_auth could leave to a denial of service\n attack crashing the webserver.\n\n - CVE-2007-3947\n The improper handling of repeated HTTP headers could\n cause a denial of service attack crashing the webserver.\n\n - CVE-2007-3949\n A bug in mod_access potentially allows remote users to\n bypass access restrictions via trailing slash\n characters.\n\n - CVE-2007-3950\n On 32-bit platforms users may be able to create denial\n of service attacks, crashing the webserver, via\n mod_webdav, mod_fastcgi, or mod_scgi.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-1362.NASL", "href": "https://www.tenable.com/plugins/nessus/25962", "published": "2007-09-03T00:00:00", "title": "Debian DSA-1362-2 : lighttpd - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1362. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25962);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/08/02 13:32:20\");\n\n script_cve_id(\"CVE-2007-2841\", \"CVE-2007-3946\", \"CVE-2007-3947\", \"CVE-2007-3948\", \"CVE-2007-3949\", \"CVE-2007-3950\", \"CVE-2007-4727\");\n script_xref(name:\"DSA\", value:\"1362\");\n\n script_name(english:\"Debian DSA-1362-2 : lighttpd - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in lighttpd, a fast webserver\nwith minimal memory footprint, which could allow the execution of\narbitrary code via the overflow of CGI variables when mod_fcgi was\nenabled. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\n - CVE-2007-3946\n The use of mod_auth could leave to a denial of service\n attack crashing the webserver.\n\n - CVE-2007-3947\n The improper handling of repeated HTTP headers could\n cause a denial of service attack crashing the webserver.\n\n - CVE-2007-3949\n A bug in mod_access potentially allows remote users to\n bypass access restrictions via trailing slash\n characters.\n\n - CVE-2007-3950\n On 32-bit platforms users may be able to create denial\n of service attacks, crashing the webserver, via\n mod_webdav, mod_fastcgi, or mod_scgi.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2007/dsa-1362\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd package.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.4.13-4etch4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd\", reference:\"1.4.13-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-doc\", reference:\"1.4.13-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.13-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.13-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.13-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.13-4etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.13-4etch4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:49:59", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200708-11.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58546", "id": "OPENVAS:58546", "title": "Gentoo Security Advisory GLSA 200708-11 (lighttpd)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were reported in Lighttpd, most of them allowing a\nDenial of Service and potentially the remote execution of arbitrary code.\";\ntag_solution = \"All Lighttpd users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.16'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200708-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=185442\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200708-11.\";\n\n \n\nif(description)\n{\n script_id(58546);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-3946\", \"CVE-2007-3947\", \"CVE-2007-3948\", \"CVE-2007-3949\", \"CVE-2007-3950\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200708-11 (lighttpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-servers/lighttpd\", unaffected: make_list(\"ge 1.4.16\"), vulnerable: make_list(\"lt 1.4.16\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-22T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58828", "id": "OPENVAS:58828", "title": "FreeBSD Ports: lighttpd", "type": "openvas", "sourceData": "#\n#VID fc9c217e-3791-11dc-bb1a-000fea449b8a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: lighttpd\n\n=====\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://trac.lighttpd.net/trac/ticket/1216\nhttp://trac.lighttpd.net/trac/ticket/1232\nhttp://trac.lighttpd.net/trac/ticket/1230\nhttp://trac.lighttpd.net/trac/ticket/1263\nhttp://www.vuxml.org/freebsd/fc9c217e-3791-11dc-bb1a-000fea449b8a.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(58828);\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-3947\", \"CVE-2007-3948\", \"CVE-2007-3949\", \"CVE-2007-3950\");\n script_name(\"FreeBSD Ports: lighttpd\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"lighttpd\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.15_1\")<0) {\n txt += 'Package lighttpd version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update to lighttpd\nannounced via advisory DSA 1362-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58581", "id": "OPENVAS:58581", "title": "Debian Security Advisory DSA 1362-1 (lighttpd)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1362_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1362-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in lighttpd, a fast webserver with\nminimal memory footprint. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-3946\n\nThe use of mod_auth could leave to a denial of service attack crashing\nthe webserver\n\nCVE-2007-3947\n\nThe improper handling of repeated HTTP headers could cause a denial\nof serve attack crashing the webserver.\n\nCVE-2007-3949\n\nA bug in mod_access potentially allows remote users to bypass\naccess restrictions via trailing slash characters.\n\nCVE-2007-3950\n\nOn 32-bit platforms users may be able to create denial of service\nattacks, crashing the webserver, via mod_webdav, mod_fastcgi, or\nmod_scgi.\n\n\nFor the stable distribution (etch), these problems have been fixed in version\n1.4.13-4etch3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.4.16-1.\n\nWe recommend that you upgrade your lighttpd package.\";\ntag_summary = \"The remote host is missing an update to lighttpd\nannounced via advisory DSA 1362-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201362-1\";\n\nif(description)\n{\n script_id(58581);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:19:52 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-3946\", \"CVE-2007-3947\", \"CVE-2007-3949\", \"CVE-2007-3950\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_name(\"Debian Security Advisory DSA 1362-1 (lighttpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.13-4etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.13-4etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.13-4etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.13-4etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.13-4etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.13-4etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.13-4etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:03", "bulletinFamily": "unix", "description": "### Background\n\nLighttpd is a lightweight HTTP web server. \n\n### Description\n\nStefan Esser discovered errors with evidence of memory corruption in the code parsing the headers. Several independent researchers also reported errors involving the handling of HTTP headers, the mod_auth and mod_scgi modules, and the limitation of active connections. \n\n### Impact\n\nA remote attacker can trigger any of these vulnerabilities by sending malicious data to the server, which may lead to a crash or memory exhaustion, and potentially the execution of arbitrary code. Additionally, access-deny settings can be evaded by appending a final / to a URL. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Lighttpd users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/lighttpd-1.4.16\"", "modified": "2007-08-16T00:00:00", "published": "2007-08-16T00:00:00", "id": "GLSA-200708-11", "href": "https://security.gentoo.org/glsa/200708-11", "type": "gentoo", "title": "Lighttpd: Multiple vulnerabilities", "cvss": {"score": 8.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:34", "bulletinFamily": "unix", "description": "\nSecunia Advisory reports:\n\nSome vulnerabilities have been reported in lighttpd,\n\t which can be exploited by malicious people to bypass\n\t certain security restrictions or cause a DoS (Denial\n\t of Service).\n\n", "modified": "2010-05-12T00:00:00", "published": "2007-07-20T00:00:00", "id": "FC9C217E-3791-11DC-BB1A-000FEA449B8A", "href": "https://vuxml.freebsd.org/freebsd/fc9c217e-3791-11dc-bb1a-000fea449b8a.html", "title": "lighttpd -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}]}