27 matches found
[SECURITY] [DSA 1362-1] New lighttpd packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1362 [email protected] http://www.debian.org/security/ Steve Kemp August 29th, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
GLSA-200708-11 : Lighttpd: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200708-11 Lighttpd: Multiple vulnerabilities Stefan Esser discovered errors with evidence of memory corruption in the code parsing the headers. Several independent researchers also reported errors involving the handling of HTTP...
CVE-2007-3946
modauth httpauth.c in lighttpd before 1.4.16 allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving 1 a memory leak, 2 use of md5-sess without a cnonce, 3 base64 encoded strings, and 4 trailing whitespace in the Auth-Digest header...
Denial of service
modauth httpauth.c in lighttpd before 1.4.16 allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving 1 a memory leak, 2 use of md5-sess without a cnonce, 3 base64 encoded strings, and 4 trailing whitespace in the Auth-Digest header...
CVE-2007-3946
modauth httpauth.c in lighttpd before 1.4.16 allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving 1 a memory leak, 2 use of md5-sess without a cnonce, 3 base64 encoded strings, and 4 trailing whitespace in the Auth-Digest header...
CVE-2007-3946
lighttpd prior to 1.4.16 is affected by CVE-2007-3946 where mod_auth can be abused to crash the daemon via multiple vectors: (1) memory leak, (2) use of md5-sess without a cnonce, (3) base64-encoded strings, and (4) trailing whitespace in the Auth-Digest header. The issue is triggered in the http...
CVE-2007-3946
modauth httpauth.c in lighttpd before 1.4.16 allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving 1 a memory leak, 2 use of md5-sess without a cnonce, 3 base64 encoded strings, and 4 trailing whitespace in the Auth-Digest header...