Vulnerability of lighttpd web server is related to memory leak in mod_fastcgi and mod_scgi modules while processing a large number of incorrect HTTP requests.
a large number of malformed HTTP requests. Exploiting the vulnerability could allow an attacker,
acting remotely, send multiple invalid HTTP requests to a web server and execute a denial of service attack.
"denial of service
{"id": "ROS-20221007-02", "vendorId": null, "type": "redos", "bulletinFamily": "unix", "title": "ROS-20221007-02", "description": "Vulnerability of lighttpd web server is related to memory leak in mod_fastcgi and mod_scgi modules while processing a large number of incorrect HTTP requests.\r\n a large number of malformed HTTP requests. Exploiting the vulnerability could allow an attacker,\r\n acting remotely, send multiple invalid HTTP requests to a web server and execute a denial of service attack.\r\n \"denial of service", "published": "2022-10-07T00:00:00", "modified": "2022-10-07T00:00:00", "epss": [{"cve": "CVE-2022-41556", "epss": 0.00165, "percentile": 0.51919, "modified": "2023-06-03"}], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-lighttpd-cve-2022-41556/", "reporter": "Redos", "references": [], "cvelist": ["CVE-2022-41556"], "immutableFields": [], "lastseen": "2023-09-08T14:27:04", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2022-41556"]}, {"type": "cve", "idList": ["CVE-2022-41556"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5243-1:A6710"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-41556"]}, {"type": "fedora", "idList": ["FEDORA:0076E306E5CF"]}, {"type": "gentoo", "idList": ["GLSA-202210-12"]}, {"type": "mageia", "idList": ["MGASA-2022-0369"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-5243.NASL", "FEDORA_2022-C26B19568D.NASL", "GENTOO_GLSA-202210-12.NASL", "SOLARIS_JAN2023_SRU11_4_53_132_2.NASL", "UBUNTU_USN-5903-1.NASL"]}, {"type": "osv", "idList": ["OSV:CVE-2022-41556", "OSV:DSA-5243-1"]}, {"type": "prion", "idList": ["PRION:CVE-2022-41556"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:10140-1"]}, {"type": "ubuntu", "idList": ["USN-5903-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-41556"]}, {"type": "veracode", "idList": ["VERACODE:37510"]}]}, "score": {"value": 7.4, "vector": "NONE"}, "vulnersScore": 7.4}, "_state": {"dependencies": 1694186798, "score": 1694188116}, "_internal": {"score_hash": "628171bca2c9149b87139fb1d8cb7d9d"}, "affectedPackage": [{"OS": "redos", "operator": "le", "packageFilename": "UNKNOWN", "packageVersion": "1.4.64-3", "OSVersion": "7.3", "arch": "x86_64", "packageName": "lighttpd"}]}
{"ubuntucve": [{"lastseen": "2023-06-29T13:25:41", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could\nlead to a denial of service (connection-slot exhaustion) after a large\namount of anomalous TCP behavior by clients. It is related to RDHUP\nmishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is,\nfor example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T00:00:00", "type": "ubuntucve", "title": "CVE-2022-41556", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-10-06T00:00:00", "id": "UB:CVE-2022-41556", "href": "https://ubuntu.com/security/CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-06-03T18:12:14", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T18:17:00", "type": "debiancve", "title": "CVE-2022-41556", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-10-06T18:17:00", "id": "DEBIANCVE:CVE-2022-41556", "href": "https://security-tracker.debian.org/tracker/CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2023-06-03T19:53:30", "description": "lighttpd is vulnerable to denial of service. The vulnerability exists in `gw_backend.c` where there is a resource leak which will lead to a connection slot exhaustion after a large amount of anomalous TCP behavior causing an application crash. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-11T13:39:08", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-06T01:17:04", "id": "VERACODE:37510", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37510/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-08-15T21:50:45", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T18:17:00", "type": "prion", "title": "CVE-2022-41556", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-03T01:14:00", "id": "PRION:CVE-2022-41556", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2022-11-06T17:57:42", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for lighttpd fixes the following issues:\n\n lighttpd was updated to 1.4.67:\n\n * Update comment about TCP_INFO on OpenBSD\n * [mod_ajp13] fix crash with bad response headers (fixes #3170)\n * [core] handle RDHUP when collecting chunked body CVE-2022-41556\n (boo#1203872)\n * [core] tweak streaming request body to backends\n * [core] handle ENOSPC with pwritev() (#3171)\n * [core] manually calculate off_t max (fixes #3171)\n * [autoconf] force large file support (#3171)\n * [multiple] quiet coverity warnings using casts\n * [meson] add license keyword to project declaration\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10140=1\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10140=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-03T00:00:00", "type": "suse", "title": "Security update for lighttpd (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-41556"], "modified": "2022-10-03T00:00:00", "id": "OPENSUSE-SU-2022:10140-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T6C6UOQL3XPIYN6MAYXR6H6PCUA7Q4N4/", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-06-03T15:03:54", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T18:17:00", "type": "cve", "title": "CVE-2022-41556", "cwe": ["CWE-401"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-03T01:14:00", "cpe": ["cpe:/o:fedoraproject:fedora:35"], "id": "CVE-2022-41556", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2023-06-03T15:07:32", "description": "lighttpd (pronounced /lighty/) is a secure, fast, compliant, and very flexi ble web server that has been optimized for high-performance environments. light tpd uses memory and CPU efficiently and has lower resource use than other popul ar web servers. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compressi on, URL-Rewriting and much more) make lighttpd the perfect web server for all systems, small and large. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-05T13:50:55", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: lighttpd-1.4.67-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-10-05T13:50:55", "id": "FEDORA:0076E306E5CF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OVOSBSCMLGCHH2Z74H64ZWVDFJFQTBC2/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-09-12T19:05:34", "description": "The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-c26b19568d advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-23T00:00:00", "type": "nessus", "title": "Fedora 35 : lighttpd (2022-c26b19568d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41556"], "modified": "2023-09-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:35", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "id": "FEDORA_2022-C26B19568D.NASL", "href": "https://www.tenable.com/plugins/nessus/169260", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-c26b19568d\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169260);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/12\");\n\n script_cve_id(\"CVE-2022-41556\");\n script_xref(name:\"FEDORA\", value:\"2022-c26b19568d\");\n\n script_name(english:\"Fedora 35 : lighttpd (2022-c26b19568d)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the\nFEDORA-2022-c26b19568d advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-c26b19568d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected lighttpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^35([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 35', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'lighttpd-1.4.67-1.fc35', 'release':'FC35', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:06", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5243 advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-29T00:00:00", "type": "nessus", "title": "Debian DSA-5243-1 : lighttpd - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:lighttpd", "p-cpe:/a:debian:debian_linux:lighttpd-doc", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-cml", "p-cpe:/a:debian:debian_linux:lighttpd-mod-deflate", "p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip", "p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet", "p-cpe:/a:debian:debian_linux:lighttpd-mod-maxminddb", "p-cpe:/a:debian:debian_linux:lighttpd-mod-mbedtls", "p-cpe:/a:debian:debian_linux:lighttpd-mod-nss", "p-cpe:/a:debian:debian_linux:lighttpd-mod-openssl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql", "p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav", "p-cpe:/a:debian:debian_linux:lighttpd-mod-wolfssl", "p-cpe:/a:debian:debian_linux:lighttpd-modules-dbi", "p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap", "p-cpe:/a:debian:debian_linux:lighttpd-modules-lua", "p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5243.NASL", "href": "https://www.tenable.com/plugins/nessus/165548", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5243. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165548);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-37797\", \"CVE-2022-41556\");\n\n script_name(english:\"Debian DSA-5243-1 : lighttpd - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5243 advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/lighttpd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-37797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-41556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/lighttpd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the lighttpd packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 1.4.59-1+deb11u2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-maxminddb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-mbedtls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-wolfssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'lighttpd', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-doc', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-gssapi', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-pam', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-sasl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-cml', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-deflate', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-geoip', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-magnet', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-maxminddb', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-mbedtls', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-nss', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-openssl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-trigger-b4-dl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-vhostdb-dbi', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-vhostdb-pgsql', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-webdav', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-wolfssl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-dbi', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-ldap', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-lua', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-mysql', 'reference': '1.4.59-1+deb11u2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd / lighttpd-doc / lighttpd-mod-authn-gssapi / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:51", "description": "The remote host is affected by the vulnerability described in GLSA-202210-12 (Lighttpd: Denial of Service)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-31T00:00:00", "type": "nessus", "title": "GLSA-202210-12 : Lighttpd: Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-10-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:lighttpd", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202210-12.NASL", "href": "https://www.tenable.com/plugins/nessus/166723", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202210-12.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166723);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/31\");\n\n script_cve_id(\"CVE-2022-37797\", \"CVE-2022-41556\");\n\n script_name(english:\"GLSA-202210-12 : Lighttpd: Denial of Service\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202210-12 (Lighttpd: Denial of Service)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202210-12\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=869890\");\n script_set_attribute(attribute:\"solution\", value:\n\"All lighttpd users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-servers/lighttpd-1.4.67\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude('qpkg.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');\nif (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : 'www-servers/lighttpd',\n 'unaffected' : make_list(\"ge 1.4.67\", \"lt 1.0.0\"),\n 'vulnerable' : make_list(\"lt 1.4.67\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Lighttpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-02T20:18:35", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5903-1 advisory.\n\n - In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. (CVE-2022-22707)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-01T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : lighttpd vulnerabilities (USN-5903-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22707", "CVE-2022-41556"], "modified": "2023-09-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.10", "p-cpe:/a:canonical:ubuntu_linux:lighttpd", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-dev", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-gssapi", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-pam", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-sasl", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-cml", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-deflate", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-geoip", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-gnutls", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-magnet", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-maxminddb", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-mbedtls", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-nss", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-openssl", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-trigger-b4-dl", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-vhostdb-dbi", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-vhostdb-pgsql", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-webdav", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-wolfssl", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-dbi", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-ldap", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-lua", "p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-mysql"], "id": "UBUNTU_USN-5903-1.NASL", "href": "https://www.tenable.com/plugins/nessus/172024", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5903-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172024);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/01\");\n\n script_cve_id(\"CVE-2022-22707\", \"CVE-2022-41556\");\n script_xref(name:\"USN\", value:\"5903-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : lighttpd vulnerabilities (USN-5903-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5903-1 advisory.\n\n - In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has\n a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service\n (daemon crash) in a non-default configuration. The non-default configuration requires handling of the\n Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected\n than a 64-bit system. (CVE-2022-22707)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5903-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22707\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-authn-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-maxminddb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-mbedtls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-trigger-b4-dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-vhostdb-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-vhostdb-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-mod-wolfssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lighttpd-modules-mysql\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(20\\.04|22\\.04|22\\.10)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04 / 22.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'lighttpd', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-dev', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-authn-gssapi', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-authn-pam', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-authn-sasl', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-cml', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-geoip', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-magnet', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-maxminddb', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-trigger-b4-dl', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-vhostdb-dbi', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-vhostdb-pgsql', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-mod-webdav', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-modules-ldap', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '20.04', 'pkgname': 'lighttpd-modules-mysql', 'pkgver': '1.4.55-1ubuntu1.20.04.2'},\n {'osver': '22.04', 'pkgname': 'lighttpd', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-authn-gssapi', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-authn-pam', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-authn-sasl', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-deflate', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-geoip', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-maxminddb', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-mbedtls', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-nss', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-openssl', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-trigger-b4-dl', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-vhostdb-pgsql', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-webdav', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-mod-wolfssl', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-modules-dbi', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-modules-ldap', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-modules-lua', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.04', 'pkgname': 'lighttpd-modules-mysql', 'pkgver': '1.4.63-1ubuntu3.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-authn-gssapi', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-authn-pam', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-authn-sasl', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-deflate', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-gnutls', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-maxminddb', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-mbedtls', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-nss', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-openssl', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-vhostdb-pgsql', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-webdav', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-mod-wolfssl', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-modules-dbi', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-modules-ldap', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-modules-lua', 'pkgver': '1.4.65-2ubuntu1.1'},\n {'osver': '22.10', 'pkgname': 'lighttpd-modules-mysql', 'pkgver': '1.4.65-2ubuntu1.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd / lighttpd-dev / lighttpd-mod-authn-gssapi / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T21:40:45", "description": "This Solaris system is missing necessary patches to address critical security updates :\n\n - Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (glibc)). Supported versions that are affected are 8.4, 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H).\n (CVE-2022-23219)\n\n - Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (glibc)). The supported version that is affected is 22.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\n (CVE-2022-23218)\n\n - Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component:\n Policy (GNU Libtasn1)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy.\n Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).\n (CVE-2021-46848)\n\n - Vulnerability in the Oracle Text (LibExpat) component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Index privilege with network access via Oracle Net to compromise Oracle Text (LibExpat). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Text (LibExpat). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-43680)\n\n - Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Python)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.\n CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-45061)\n\n - Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 4.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L).\n (CVE-2023-21900)", "cvss3": {}, "published": "2023-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Critical Patch Update : jan2023_SRU11_4_53_132_2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46848", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-3204", "CVE-2022-3276", "CVE-2022-37797", "CVE-2022-39253", "CVE-2022-39260", "CVE-2022-3970", "CVE-2022-41556", "CVE-2022-43680", "CVE-2022-44638", "CVE-2022-45061", "CVE-2022-45063", "CVE-2022-46872", "CVE-2022-46874", "CVE-2022-46875", "CVE-2022-46878", "CVE-2022-46880", "CVE-2022-46881", "CVE-2022-46882", "CVE-2023-21900"], "modified": "2023-07-21T00:00:00", "cpe": ["cpe:/o:oracle:solaris"], "id": "SOLARIS_JAN2023_SRU11_4_53_132_2.NASL", "href": "https://www.tenable.com/plugins/nessus/170171", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle CPU for jan2023.\n#\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(170171);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/21\");\n\n script_cve_id(\"CVE-2021-46848\", \"CVE-2022-23218\", \"CVE-2022-23219\", \"CVE-2022-3204\", \"CVE-2022-3276\", \"CVE-2022-37797\", \"CVE-2022-39253\", \"CVE-2022-39260\", \"CVE-2022-3970\", \"CVE-2022-41556\", \"CVE-2022-43680\", \"CVE-2022-44638\", \"CVE-2022-45061\", \"CVE-2022-45063\", \"CVE-2022-46872\", \"CVE-2022-46874\", \"CVE-2022-46875\", \"CVE-2022-46878\", \"CVE-2022-46880\", \"CVE-2022-46881\", \"CVE-2022-46882\", \"CVE-2023-21900\");\n script_xref(name:\"IAVA\", value:\"2023-A-0046\");\n\n script_name(english:\"Oracle Solaris Critical Patch Update : jan2023_SRU11_4_53_132_2\");\n script_summary(english:\"Check for the jan2023 CPU\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Solaris system is missing a security patch from CPU\njan2023.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This Solaris system is missing necessary patches to address critical\nsecurity updates :\n\n - Vulnerability in the Oracle Communications Session\n Border Controller product of Oracle Communications\n (component: Routing (glibc)). Supported versions that\n are affected are 8.4, 9.0 and 9.1. Difficult to exploit\n vulnerability allows unauthenticated attacker with\n network access via HTTP to compromise Oracle\n Communications Session Border Controller. Successful\n attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash\n (complete DOS) of Oracle Communications Session Border\n Controller as well as unauthorized update, insert or\n delete access to some of Oracle Communications Session\n Border Controller accessible data and unauthorized read\n access to a subset of Oracle Communications Session\n Border Controller accessible data. CVSS 3.1 Base Score\n 7.0 (Confidentiality, Integrity and Availability\n impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H).\n (CVE-2022-23219)\n\n - Vulnerability in the Oracle Communications Cloud Native\n Core Unified Data Repository product of Oracle\n Communications (component: Signaling (glibc)). The\n supported version that is affected is 22.1.1. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via HTTP to compromise\n Oracle Communications Cloud Native Core Unified Data\n Repository. Successful attacks of this vulnerability can\n result in takeover of Oracle Communications Cloud Native\n Core Unified Data Repository. CVSS 3.1 Base Score 9.8\n (Confidentiality, Integrity and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\n (CVE-2022-23218)\n\n - Vulnerability in the Oracle Communications Cloud Native\n Core Policy product of Oracle Communications (component:\n Policy (GNU Libtasn1)). Supported versions that are\n affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via HTTPS to compromise\n Oracle Communications Cloud Native Core Policy.\n Successful attacks of this vulnerability can result in\n unauthorized access to critical data or complete access\n to all Oracle Communications Cloud Native Core Policy\n accessible data and unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of Oracle\n Communications Cloud Native Core Policy. CVSS 3.1 Base\n Score 9.1 (Confidentiality and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).\n (CVE-2021-46848)\n\n - Vulnerability in the Oracle Text (LibExpat) component of\n Oracle Database Server. Supported versions that are\n affected are 19.3-19.19 and 21.3-21.10. Easily\n exploitable vulnerability allows low privileged attacker\n having Create Session, Create Index privilege with\n network access via Oracle Net to compromise Oracle Text\n (LibExpat). Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of Oracle\n Text (LibExpat). CVSS 3.1 Base Score 6.5 (Availability\n impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-43680)\n\n - Vulnerability in the PeopleSoft Enterprise PeopleTools\n product of Oracle PeopleSoft (component: Porting\n (Python)). Supported versions that are affected are 8.59\n and 8.60. Easily exploitable vulnerability allows\n unauthenticated attacker with network access via HTTP to\n compromise PeopleSoft Enterprise PeopleTools. Successful\n attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash\n (complete DOS) of PeopleSoft Enterprise PeopleTools.\n CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-45061)\n\n - Vulnerability in the Oracle Solaris product of Oracle\n Systems (component: NSSwitch). Supported versions that\n are affected are 10 and 11. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n Oracle Solaris. Successful attacks require human\n interaction from a person other than the attacker and\n while the vulnerability is in Oracle Solaris, attacks\n may significantly impact additional products (scope\n change). Successful attacks of this vulnerability can\n result in unauthorized update, insert or delete access\n to some of Oracle Solaris accessible data and\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Oracle Solaris. CVSS 3.1 Base\n Score 4.0 (Integrity and Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L).\n (CVE-2023-21900)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2920776.1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/docs/tech/security-alerts/cpujan2023cvrf.xml\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/security-alerts/cpujan2023.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Install the jan2023 CPU from the Oracle support website.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\n\n\nfix_release = \"11.4-11.4.53.0.1.132.2\";\n\nflag = 0;\n\nif (solaris_check_release(release:\"11.4-11.4.53.0.1.132.2\", sru:\"11.4.53.132.2\") > 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report2());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_OS_RELEASE_NOT, \"Solaris\", fix_release, release);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "alpinelinux": [{"lastseen": "2023-09-22T16:11:33", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-06T18:17:00", "type": "alpinelinux", "title": "CVE-2022-41556", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-03T01:14:00", "id": "ALPINE:CVE-2022-41556", "href": "https://security.alpinelinux.org/vuln/CVE-2022-41556", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-12-03T07:20:14", "description": "A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.", "cvss3": {}, "published": "2022-10-06T18:17:00", "type": "osv", "title": "CVE-2022-41556", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-41556"], "modified": "2022-12-03T07:20:12", "id": "OSV:CVE-2022-41556", "href": "https://osv.dev/vulnerability/CVE-2022-41556", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T06:51:14", "description": "\nSeveral vulnerabilities were discovered in lighttpd, a fast webserver\nwith minimal memory footprint.\n\n\n* [CVE-2022-37797](https://security-tracker.debian.org/tracker/CVE-2022-37797)\nAn invalid HTTP request (websocket handshake) may cause a NULL\n pointer dereference in the wstunnel module.\n* [CVE-2022-41556](https://security-tracker.debian.org/tracker/CVE-2022-41556)\nA resource leak in mod\\_fastcgi and mod\\_scgi could lead to a denial\n of service after a large number of bad HTTP requests.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.4.59-1+deb11u2.\n\n\nWe recommend that you upgrade your lighttpd packages.\n\n\nFor the detailed security status of lighttpd please refer to its\nsecurity tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/lighttpd](https://security-tracker.debian.org/tracker/lighttpd)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-28T00:00:00", "type": "osv", "title": "lighttpd - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2023-06-28T06:50:30", "id": "OSV:DSA-5243-1", "href": "https://osv.dev/vulnerability/DSA-5243-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2023-06-03T15:07:29", "description": "### Background\n\nLighttpd is a lightweight high-performance web server.\n\n### Description\n\nLighttpd's mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received.\n\n### Impact\n\nAn attacker can trigger a denial of service via making Lighttpd try to call an uninitialized function pointer.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll lighttpd users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/lighttpd-1.4.67\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-31T00:00:00", "type": "gentoo", "title": "Lighttpd: Denial of Service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-10-31T00:00:00", "id": "GLSA-202210-12", "href": "https://security.gentoo.org/glsa/202210-12", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2023-06-03T15:12:48", "description": "In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797) A resource leak in mod_fastcgi and mod_scgi could lead to a denial of service after a large number of bad HTTP requests. (CVE-2022-41556) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-13T20:05:19", "type": "mageia", "title": "Updated lighttpd packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-10-13T20:05:19", "id": "MGASA-2022-0369", "href": "https://advisories.mageia.org/MGASA-2022-0369.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2023-06-03T22:11:25", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5243-1 security@debian.org\nhttps://www.debian.org/security/ Helmut Grohne\nSeptember 28, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lighttpd\nCVE ID : CVE-2022-37797 CVE-2022-41556\n\nSeveral vulnerabilities were discovered in lighttpd, a fast webserver\nwith minimal memory footprint.\n\nCVE-2022-37797\n\n An invalid HTTP request (websocket handshake) may cause a NULL\n pointer dereference in the wstunnel module.\n\nCVE-2022-41556\n\n A resource leak in mod_fastcgi and mod_scgi could lead to a denial\n of service after a large number of bad HTTP requests.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.4.59-1+deb11u2.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFor the detailed security status of lighttpd please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/lighttpd\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-28T16:05:19", "type": "debian", "title": "[SECURITY] [DSA 5243-1] lighttpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-09-28T16:05:19", "id": "DEBIAN:DSA-5243-1:A6710", "href": "https://lists.debian.org/debian-security-announce/2022/msg00212.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2023-07-21T16:47:01", "description": "## Releases\n\n * Ubuntu 22.10 \n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * lighttpd \\- fast webserver with minimal memory footprint\n\nIt was discovered that lighttpd incorrectly handled certain inputs, which could \nresult in a stack buffer overflow. A remote attacker could possibly use this \nissue to cause a denial of service (DoS). (CVE-2022-22707, CVE-2022-41556)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-28T00:00:00", "type": "ubuntu", "title": "lighttpd vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22707", "CVE-2022-41556"], "modified": "2023-02-28T00:00:00", "id": "USN-5903-1", "href": "https://ubuntu.com/security/notices/USN-5903-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
ROS-20221007-02
