Lucene search
K

8 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.5 views

SUSE CVE-2013-4508

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network...

7.5CVSS6.6AI score0.02626EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.38 views

openSUSE Security Update : lighttpd (openSUSE-SU-2014:0072-1)

added cve-2013-4508.patch and cve-2013-4508-regression-bug729480.patch: bnc849059 When defining an ssl.cipher-list, it works for the 'default' HTTPS setup $SERVER'socket' 443 block, but when you utilize SNI $HTTP'host' blocks within the $SERVER'socket' block the ssl.cipher-list seems to not...

7.6CVSS6.7AI score0.10721EPSS
Exploits1References7
Amazon
Amazon
added 2014/03/06 12:0 a.m.49 views

Medium: lighttpd

Issue Overview: Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service segmentation fault and crash via unspecified vectors that trigger FAMMonitorDirectory failures. lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, whi...

7.6CVSS7.2AI score0.10721EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/02/24 12:0 a.m.31 views

Fedora 20 : lighttpd-1.4.34-3.fc20 (2014-2495)

Enable building with PIE Latest upstream, multiple security fixes. http://www.lighttpd.net/2014/1/20/1-4-34/ Latest upstream, multiple security fixes. http://www.lighttpd.net/2014/1/20/1-4-34/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedor...

7.6CVSS6.7AI score0.10721EPSS
Exploits1References12
securityvulns
securityvulns
added 2013/11/18 12:0 a.m.77 views

[SECURITY] [DSA 2795-1] lighttpd security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2795-1 [email protected] http://www.debian.org/security/ Michael Gilbert November 13, 2013 http://www.debian.org/security/faq -...

7.6CVSS1.7AI score0.10721EPSS
Exploits1
Debian
Debian
added 2013/11/13 6:11 a.m.31 views

[SECURITY] [DSA 2795-1] lighttpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2795-1 [email protected] http://www.debian.org/security/ Michael Gilbert November 13, 2013 http://www.debian.org/security/faq -...

7.6CVSS1.8AI score0.10721EPSS
Exploits1
OSV
OSV
added 2013/11/08 4:47 a.m.10 views

CVE-2013-4508

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network...

7.5CVSS7.3AI score
Exploits0References14
CVE
CVE
added 2013/11/08 2:0 a.m.235 views

CVE-2013-4508

Lighttpd has a CVE-2013-4508 issue where, when SNI is enabled, it configures weak SSL ciphers. This can allow remote attackers to hijack sessions or sniff sensitive data. Affected versions are lighttpd prior to 1.4.34 (and related pre-1.4.34 configurations); multiple advisories confirm the vulner...

7.5CVSS7.2AI score0.02626EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder