3 matches found
MGASA-2022-0161 Updated lighttpd packages fix security vulnerability
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of...
MGASA-2016-0398 Updated lighttpd packages fix security vulnerability
Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables. This could be used to carry out Man in the Middle Attacks (MIDM) or create connections to...
MGASA-2013-0334 Updated lighttpd packages fix multiple security vulnerabilities
Updated lighttpd packages fix security vulnerabilities: lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the...