27 matches found
SUSE CVE-2015-3200
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
lighttpd < 1.4.36 mod_auth Arbitrary Log Entries Injection
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.36. It is, therefore, affected by a mod_auth vulnerability that allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a...
lighttpd < 1.4.36 Multiple Vulnerabilities
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.36. It is, therefore, affected by the following vulnerabilities : - mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without ...
lighttpd < 1.4.16 Multiple Vulnerabilities
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.16. It is, therefore, affected by multiple vulnerabilities : - mod_auth allows remote attackers to cause a denial of service via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a...
Updated lighttpd packages fix CVE-2015-3200 & other bugs
Updated lighttpd packages fix security vulnerability: mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character (CVE-2015-3200). The...
CVE-2015-3200
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
DEBIAN-CVE-2015-3200
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
CVE-2015-3200
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
Design/Logic Flaw
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
CVE-2015-3200
The CVE-2015-3200 entry concerns lighttpd mod_auth prior to 1.4.36. A remote attacker can inject log entries via a basic-auth string without a colon, demonstrated using a NULL/newline in the string. Impact is log injection; some references note potential information exposure. Remediation exists: ...
lighttpd -- Log injection vulnerability in mod_auth
MITRE reports: mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...
lighttpd Denial of Service Vulnerability PoC
No description provided by source. 29 November 2011 was the date of public disclosure of an interesting vulnerability in the lighttpd server. Xi Wang discovered that mod_auth for this server does not properly decode characters from the extended ASCII table. The vulnerable code is below: src/httpauth.c:67...
openSUSE Security Update : lighttpd (openSUSE-2012-110)
added lighttpd-1.4.30headfixes.patch: cherry picked 4 fixes from HEAD : - ssl include more headers explicitly - list all network handlers in lighttpd -V fixes lighttpd2376 - Move fdevent subsystem includes to implementation files to reduce conflicts fixes lighttpd2373 - ssl fix segfault in...
Lighttpd Proof of Concept code for CVE-2011-4362
29 November 2011 was the date of public disclosure of an interesting vulnerability in the lighttpd server. Xi Wang discovered that mod_auth for this server does not properly decode characters from the extended ASCII table. The vulnerable code is below: "src/httpauth.c:67" --- CUT --- static const short...
Lighttpd Proof of Concept code for CVE-2011-4362
No description provided by source. 29 November 2011 was the date of public disclosure of an interesting vulnerability in the lighttpd server. Xi Wang discovered that mod_auth for this server does not properly decode characters from the extended ASCII table. The vulnerable code is below: "src/httpauth.c:67...
lighttpd - Denial of Service (PoC)
lighttpd - Denial of Service PoC. 29 November 2011 was the date of public disclosure of an interesting vulnerability in the lighttpd server. Xi Wang discovered that mod_auth for this server does not properly decode characters from the extended ASCII table. The vulnerable code is below: "src/httpauth.c:67"...
lighttpd - Denial of Service (PoC)
29 November 2011 was the date of public disclosure of an interesting vulnerability in the lighttpd server. Xi Wang discovered that mod_auth for this server does not properly decode characters from the extended ASCII table. The vulnerable code is below: "src/httpauth.c:67" --- CUT --- static const short...
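lighttpd mod_auth module base64 denial of service vulnerability
CVE-2011-4362 Lighttpd is a lightweight open-source web server package. lighttpd's implementation of authentication data decoding contains a vulnerability that an attacker may exploit to crash the application, causing a denial of service. When base64-decoding user-supplied authentication data, the code in httpauth.c uses the type "const char in" and converts each character to "int ch" as an index into the mapping table; characters greater than 0x80 lead to a negative index, which can cause invalid memory access. lighttpd =1.4.29 Vendor patch: LightTPD -------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...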
Fedora 7 : lighttpd-1.4.16-1.fc7 (2007-1299)
This security bugfix release fixes a header parsing bug, various mod_auth bugs, a mod_access bug and a mod_fastcgi local DOS bug. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...
Debian DSA-1362-2 : lighttpd - several vulnerabilities
Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitrary code via the overflow of CGI variables when mod_fcgi was enabled. The Common Vulnerabilities and Exposures project identifies the following problems : -...