82 matches found
lighttpd -- multiple vulnerabilities
Lighttpd seurity annoucement: lighttpd 1.4.19, and possibly other versions before 1.5.0, does not decode the url before matching against rewrite and redirect patterns, which allows attackers to bypass rewrites rules. this can be a security problem in certain configurations if these rules are used...
NULLhttpd <= 0.5.1 XSS through Bad request
Luigi Auriemma Application: NULLhttpd http://nullhttpd.sourceforge.net/httpd/ Versions: = 0.5.1 Platforms: All supported Win & Unix Bug: Cross site scripting Risk: Low Author: Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org 1 Introduction 2 Bug 3 The Code 4 Fix...