3 matches found
Lighttpd Web Server Denial Of Service (CVE-2019-11072)
A denial-of-service vulnerability exists in Lighttpd server. This vulnerability is due to improper handling of URL when url-path-2f-decode is enabled. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the target server. Successful...
CVE-2019-11072
lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burlnormalize2Ftoslashfix in burl.c. NOTE:...
CVE-2019-11072
The issue is in lighttpd before 1.4.54 where a signed integer overflow in burl_normalize_2F_to_slash_fix could be triggered by crafted input via HTTP GET requests, potentially causing a denial of service (application crash) and possibly other impact. The vulnerability is tied to a feature introdu...