15 matches found
openSUSE Security Update : lighttpd (openSUSE-SU-2012:0240-1)
This update of lighttpd fixes an out-of-bounds read due to a signedness error which could cause a Denial of Service CVE-2011-4362. Additionally an option was added to honor the server cipher order resolves lighttpd2364. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Fedora Update for lighttpd FEDORA-2012-9040
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Medium: lighttpd
Issue Overview: Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that triggers a...
Fedora Update for lighttpd FEDORA-2012-9078
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 17 : lighttpd-1.4.31-1.fc17 (2012-9040)
This update fixes CVE-2011-4362 by updating to the latest release. It also fixes problems that had been reported with previous releases, such as ssl-related crashes on startup. This update fixes some minor SSL related problems, as well as a connection stall bug. This update fixes some minor SSL...
Fedora 16 : lighttpd-1.4.31-1.fc16 (2012-9078)
This update fixes CVE-2011-4362 by updating to the latest release. It also fixes problems that had been reported with previous releases, such as ssl-related crashes on startup. This update fixes some minor SSL related problems, as well as a connection stall bug. This update fixes some minor SSL...
Lighttpd Proof of Concept code for CVE-2011-4362
29 of November 2011 was the date of public disclosure interesting vulnerability in lighttpd server. Xi Wang discovered that modauth for this server does not propely decode characters from the extended ASCII table. The vulnerable code is below: "src/httpauth.c:67" --- CUT --- static const short...
Lighttpd Proof of Concept code for CVE-2011-4362
No description provided by source. 29 of November 2011 was the date of public disclosure interesting vulnerability in lighttpd server. Xi Wang discovered that modauth for this server does not propely decode characters from the extended ASCII table. The vulnerable code is below: "src/httpauth.c:67...
Lighttpd Proof of Concept code for CVE-2011-4362
Exploit for linux platform in category dos / poc / Primitive Lighttpd Proof of Concept code for CVE-2011-4362 vulnerability discovered by Xi Wang Here the vulnerable code src/httpauth.c:67 --- CUT --- static const short base64reversetable256 = -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -...
CVE-2011-4362
Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that triggers an out-of-bounds...
CVE-2011-4362
Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that triggers an out-of-bounds...
CVE-2011-4362
Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that triggers an out-of-bounds...
CVE-2011-4362
CVE-2011-4362 affects lighttpd: a signedness error in the base64_decode routine used by HTTP authentication (http_auth.c) can trigger an out-of-bounds read with a negative index, allowing a remote attacker to cause a denial of service (segmentation fault). Impacted versions are lighttpd 1.4 befor...
[SECURITY] [DSA 2368-1] lighttpd security update
--------------------------------------------------------------------------- Debian Security Advisory DSA-2368-1 [email protected] http://www.debian.org/security/ Nico Golde Dec 20th, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2381-] lighttpd security update
--------------------------------------------------------------------------- Debian Security Advisory DSA-2368-1 [email protected] http://www.debian.org/security/ Nico Golde Dec 20th, 2011 http://www.debian.org/security/faq -...