openSUSE: Security Advisory for lighttpd (openSUSE-SU-2022:10132-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : lighttpd (ALAS-2023-1705)

The version of lighttpd installed on the remote host is prior to 1.4.53-1.37. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1705 advisory. In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake i...

Important: lighttpd

Issue Overview: In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...

GLSA-202210-12 : Lighttpd: Denial of Service

The remote host is affected by the vulnerability described in GLSA-202210-12 Lighttpd: Denial of Service - In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes...

Mageia: Security Advisory (MGASA-2022-0369)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated lighttpd packages fix security vulnerability

In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. CVE-2022-37797 A...

[SECURITY] [DLA 3133-1] lighttpd security update

Debian LTS Advisory DLA-3133-1 [email protected] https://www.debian.org/lts/security/ Helmut Grohne October 03, 2022 https://wiki.debian.org/LTS Package : lighttpd Version : 1.4.53-4+deb10u3 CVE ID : CVE-2022-37797 An invalid HTTP request websocket handshake may cause a NULL pointer...

openSUSE 15 Security Update : lighttpd (openSUSE-SU-2022:10132-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10132-1 advisory. - In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It lea...

Debian: Security Advisory (DSA-5243-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for lighttpd (moderate)

openSUSE Security Update: Security update for lighttpd Announcement ID: openSUSE-SU-2022:10132-1 Rating: moderate References: 1203358 Cross-References: CVE-2022-37797 CVSS scores: CVE-2022-37797 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-37797 SUSE: 7.5...

[SECURITY] [DSA 5243-1] lighttpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5243-1 [email protected] https://www.debian.org/security/ Helmut Grohne September 28, 2022 https://www.debian.org/security/faq -...

CVE-2022-37797

creationtimestamp| type| source ---|---|--- 2022-09-12 18:23:49+00:00| seen| https://t.me/cibsecurity/49588...

CVE-2022-37797

In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...

CVE-2022-37797

In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...

CVE-2022-37797

CVE-2022-37797 affects lighttpd 1.4.65 where mod_wstunnel fails to initialize a handler function pointer on invalid websocket handshake requests, causing a NULL pointer dereference and denial of service. Public advisories indicate fixes in newer lighttpd releases (e.g., lighttpd 1.4.67 and later)...