40 matches found
ROOT-OS-ALPINE-319-CVE-2024-23770 CVE-2024-23770 in rootio-darkhttpd - Patched by Root
Root has patched CVE-2024-23770 in the rootio-darkhttpd package for Root:Alpine:3.19. Multiple fixed versions available...
ROOT-OS-ALPINE-319-CVE-2024-23771 CVE-2024-23771 in rootio-darkhttpd - Patched by Root
Root has patched CVE-2024-23771 in the rootio-darkhttpd package for Root:Alpine:3.19. Multiple fixed versions available...
ROOT-OS-ALPINE-318-CVE-2024-23770 CVE-2024-23770 in rootio-darkhttpd - Patched by Root
Root has patched CVE-2024-23770 in the rootio-darkhttpd package for Root:Alpine:3.18. Multiple fixed versions available...
ROOT-OS-ALPINE-318-CVE-2024-23771 CVE-2024-23771 in rootio-darkhttpd - Patched by Root
Root has patched CVE-2024-23771 in the rootio-darkhttpd package for Root:Alpine:3.18. Multiple fixed versions available...
Fedora: Security Advisory (FEDORA-2024-25f8e34407)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: darkhttpd-1.16-1.fc39
darkhttpd is a secure, lightweight, fast and single-threaded HTTP/1.1 server. Features: Simple to set up: Single binary, no other files. Standalone, doesn't need inetd or ucspi-tcp. No messing around with config files. Written in C - efficient and portable. Small memory footprint. Event loop,...
[SECURITY] Fedora 40 Update: darkhttpd-1.16-1.fc40
darkhttpd is a secure, lightweight, fast and single-threaded HTTP/1.1 server. Features: Simple to set up: Single binary, no other files. Standalone, doesn't need inetd or ucspi-tcp. No messing around with config files. Written in C - efficient and portable. Small memory footprint. Event loop,...
Fedora 39 : darkhttpd (2024-d638b9a34c)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d638b9a34c advisory. - Update to 1.16 fixes rhbz2259096 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Fedora 40 : darkhttpd (2024-25f8e34407)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-25f8e34407 advisory. - Update to 1.16 fixes rhbz2259096 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Timing Side-Channel Attack
darkhttpd is vulnerable of Timing Side-Channel Attack. The vulnerability due to strcmp is not implemented in constant time. it allows a remote attacker may exploit timing differences in the comparison process to deduce information which leads to bypass authentication...
ALPINE-CVE-2024-23770
darkhttpd through 1.15 allows local users to discover credentials for --auth by listing processes and their arguments...
CVE-2024-23771
darkhttpd before 1.15 uses strcmp which is not constant time to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel...
CVE-2024-23771
darkhttpd before 1.15 uses strcmp which is not constant time to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel...
CVE-2024-23770
darkhttpd through 1.15 allows local users to discover credentials for --auth by listing processes and their arguments...
ALPINE-CVE-2024-23771
darkhttpd before 1.15 uses strcmp which is not constant time to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel...
CVE-2024-23770
darkhttpd through 1.15 allows local users to discover credentials for --auth by listing processes and their arguments...
Default credentials
darkhttpd through 1.15 allows local users to discover credentials for --auth by listing processes and their arguments...
Authentication flaw
darkhttpd before 1.15 uses strcmp which is not constant time to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel...
darkhttpd security vulnerability
darkhttpd is a software application. When you need a web server. A security vulnerability exists in darkhttpd version 1.15 and earlier that stems from allowing local users to discover credentials by listing processes and their parameters...
CVE-2024-23771
darkhttpd before 1.15 uses strcmp which is not constant time to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel...