10 matches found
Ubuntu: Security Advisory (USN-5903-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2022-0161 Updated lighttpd packages fix security vulnerability
In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...
Updated lighttpd packages fix security vulnerability
In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...
openSUSE 15 Security Update : lighttpd (openSUSE-SU-2022:0024-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0024-1 advisory. - In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes...
OPENSUSE-SU-2022:0024-1 Security update for lighttpd
This update for lighttpd fixes the following issues: lighttpd was updated to 1.4.64: CVE-2022-22707: off-by-one stack overflow in the modextforward plugin boo1194376 graceful restart/shutdown timeout changed from 0 disabled to 8 seconds. configure an alternative with: server.feature-flags +=...
OESA-2022-1491 lighttpd security update
Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more...
Debian DSA-5040-1 : lighttpd - security update
The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5040 advisory. An out-of-bounds memory access was discovered in the modextforward plugin of the lighttpd web server, which may result in denial of service. For the oldstable...
[SECURITY] [DSA 5040-1] lighttpd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5040-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 11, 2022 https://www.debian.org/security/faq -...
CVE-2022-22707
CVE-2022-22707 affects lighttpd 1.4.46–1.4.63 via the mod_extforward_Forwarded function, causing a stack-based buffer overflow (4-byte boundary) that can lead to remote denial of service. The issue is more likely on 32-bit systems and occurs in non-default Forwarded header handling. Connected adv...
CVE-2022-22707
In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as demonstrated by remote denial of service daemon crash in a non-default configuration. The non-default configuration requires handling of...