7 matches found
Gentoo Security Advisory GLSA 200708-11 (lighttpd)
The remote host is missing updates announced in advisory GLSA 200708-11. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200708-11 (lighttpd)
The remote host is missing updates announced in advisory GLSA 200708-11. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1362-1 (lighttpd)
The remote host is missing an update to lighttpd announced via advisory DSA 1362-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Debian Security Advisory DSA 1362-1 (lighttpd)
The remote host is missing an update to lighttpd announced via advisory DSA 1362-1. OpenVAS Vulnerability Test $Id: deb13621.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1362-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
openSUSE 10 Security Update : lighttpd (lighttpd-3985)
Multiple bugs in lighttpd allowed remote attackers to crash lighttpd, circumvent access restricions or even execute code. CVE-2007-3946, CVE-2007-3947, CVE-2007-3948, CVE-2007-3949, CVE-2007-3950 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
CVE-2007-3946
modauth httpauth.c in lighttpd before 1.4.16 allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving 1 a memory leak, 2 use of md5-sess without a cnonce, 3 base64 encoded strings, and 4 trailing whitespace in the Auth-Digest header...
CVE-2007-3946
lighttpd prior to 1.4.16 is affected by CVE-2007-3946 where mod_auth can be abused to crash the daemon via multiple vectors: (1) memory leak, (2) use of md5-sess without a cnonce, (3) base64-encoded strings, and (4) trailing whitespace in the Auth-Digest header. The issue is triggered in the http...