10 matches found
SUSE CVE-2013-4560
Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service segmentation fault and crash via unspecified vectors that trigger FAMMonitorDirectory failures...
Medium: lighttpd
Issue Overview: Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service segmentation fault and crash via unspecified vectors that trigger FAMMonitorDirectory failures. lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, whi...
FreeBSD : lighttpd -- multiple vulnerabilities (90b27045-9530-11e3-9d09-000c2980a9f3)
lighttpd security advisories report : It is possible to inadvertantly enable vulnerable ciphers when using ssl.cipher-list. In certain cases setuid and similar can fail, potentially triggering lighttpd to restart running as root. If FAMMonitorDirectory fails, the memory intended to store the...
lighttpd -- multiple vulnerabilities
lighttpd security advisories report: It is possible to inadvertantly enable vulnerable ciphers when using ssl.cipher-list. In certain cases setuid and similar can fail, potentially triggering lighttpd to restart running as root. If FAMMonitorDirectory fails, the memory intended to store the conte...
Mandriva Linux Security Advisory : lighttpd (MDVSA-2013:277)
Updated lighttpd packages fix security vulnerabilities : lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the...
DEBIAN-CVE-2013-4560
Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service segmentation fault and crash via unspecified vectors that trigger FAMMonitorDirectory failures...
CVE-2013-4560
Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service segmentation fault and crash via unspecified vectors that trigger FAMMonitorDirectory failures...
Design/Logic Flaw
Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service segmentation fault and crash via unspecified vectors that trigger FAMMonitorDirectory failures...
CVE-2013-4560
Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service segmentation fault and crash via unspecified vectors that trigger FAMMonitorDirectory failures...
CVE-2013-4560
lighttpd vulnerable before 1.4.33 due to a use-after-free in FAMMonitorDirectory handling, enabling remote DoS (segfault/crash). Multiple connected sources corroborate the issue and reference mitigation via upgrading to 1.4.34 or newer. No explicit in-the-wild exploit details are provided in the ...