15 matches found
SUSE CVE-2014-2324
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname...
lighttpd < 1.4.35 Multiple Vulnerabilities
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.35. It is, therefore, affected by the following vulnerabilities: - A SQL injection flaw exists in the 'mod_mysql_vhost' module where user input passed using the hostname is not properly sanitized. A remote...
Lighttpd < 1.4.35 Multiple Vulnerabilities - Active Check
Lighttpd is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:lighttpd:lighttpd"; if(description)...
lighttpd to 1.4.35 (important)
lighttpd was updated to version 1.4.35, fixing bugs and security issues: CVE-2014-2323: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd allowed remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. CVE-2014-2323: Multiple directory...
lighttpd < 1.4.35 Multiple Vulnerabilities
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.35. It is, therefore, affected by the following vulnerabilities: - A SQL injection flaw exists in the 'mod_mysql_vhost' module where user input passed using the hostname is not properly sanitized. A remote...
MGASA-2014-0133 Updated lighttpd package fixes security vulnerabilities
SQL injection vulnerability in lighttpd before 1.4.35 when mod_mysql_vhost is in use, due to insufficient validation of hostnames in HTTP requests (CVE-2014-2323). Possible path traversal vulnerabilities in lighttpd before 1.4.35 when either mod_evhost or mod_simple_vhost are in use, due to insufficient...
Updated lighttpd package fixes security vulnerabilities
SQL injection vulnerability in lighttpd before 1.4.35 when mod_mysql_vhost is in use, due to insufficient validation of hostnames in HTTP requests (CVE-2014-2323). Possible path traversal vulnerabilities in lighttpd before 1.4.35 when either mod_evhost or mod_simple_vhost are in use, due to insufficient...
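lighttpd directory traversal vulnerability
CVE ID: CVE-2014-2324 Lighttpd is an open-source web server developed by the German software developer Jan Kneschke; its main feature is that it needs only a small amount of memory and CPU resources to match the performance of comparable web servers. A directory traversal vulnerability exists in the mod_evhost and mod_simple_vhost virtual hosting modules of lighttpd. A remote attacker can exploit this vulnerability with a specially crafted host name to read arbitrary files. 0 lighttpd The vendor has not yet provided a patch or upgrade; we recommend that users of this software keep checking the vendor's home page for the latest version: http://www.lighttpd.net/2014/3/12/1.4.35/...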
CVE-2014-2324
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname...
CVE-2014-2324
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname...
CVE-2014-2324
CVE-2014-2323 and CVE-2014-2324 affect lighttpd prior to 1.4.35. The issues include: (1) SQL injection in mod_mysql_vhost.c via the host name (CVE-2014-2323); and (2) directory traversal via host-name input in mod_evhost and mod_simple_vhost (CVE-2014-2324). These allow remote attackers to manipu...
Debian DSA-2877-1 : lighttpd - security update
Several vulnerabilities were discovered in the lighttpd web server. - CVE-2014-2323 Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module (mod_mysql_vhost). This only affects installations with t...
[SECURITY] [DSA 2877-1] lighttpd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2877-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 12, 2014 http://www.debian.org/security/faq -...
DSA-2877-1 lighttpd - security update
Bulletin has no description...
Debian: Security Advisory (DSA-2877-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...