41 matches found

EUVD
added 2025/10/07 12:30 a.m. (2 views)

EUVD-2007-3934

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.02157
Exploits 0 | References 16

EUVD
added 2025/10/03 8:7 p.m. (5 views)

EUVD-2022-44748

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.4 | EPSS 0.01808
Exploits 4 | References 10

Tenable Nessus
added 2023/03/01 12:0 a.m. (110 views)

Ubuntu 20.04 LTS / 22.04 LTS : lighttpd vulnerabilities (USN-5903-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5903-1 advisory. It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could...

CVSS 7.5 | AI score 6.6 | EPSS 0.01808
Exploits 5 | References 3

Tenable Nessus
added 2022/12/23 12:0 a.m. (25 views)

Fedora 35 : lighttpd (2022-c26b19568d)

The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-c26b19568d advisory. 1.4.67 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but h...

CVSS 7.5 | AI score 7.3 | EPSS 0.01808
Exploits 4 | References 2

Mageia
added 2022/10/13 8:5 p.m. (42 views)

Updated lighttpd packages fix security vulnerability

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. CVE-2022-37797 A...

CVSS 7.5 | AI score 0.4 | EPSS 0.01808
Exploits 5 | References 2

Redos
added 2022/10/07 12:0 a.m. (24 views)

ROS-20221007-02

A vulnerability in the lighttpd web server is related to a memory leak in the mod_fastcgi and mod_scgi modules while processing a large number of malformed HTTP requests. Exploiting the vulnerability could allow an attacker, acting remotely, to send multiple invalid HTTP...

CVSS 7.5 | AI score 7.4 | EPSS 0.01808
Exploits 4

NVD
added 2022/10/06 6:17 p.m. (22 views)

CVE-2022-41556

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example,...

CVSS 7.5 | EPSS 0.01808
Exploits 4 | References 5

Prion
added 2022/10/06 6:17 p.m. (267 views)

Design/Logic Flaw

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example,...

CVSS 5 | AI score 7.1 | EPSS 0.01808
Exploits 4 | References 5 | Affected Software 2

Cvelist
added 2022/10/06 12:0 a.m. (22 views)

CVE-2022-41556

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example,...

AI score 7.4 | EPSS 0.01808
Exploits 4 | References 5

CVE
added 2022/10/06 12:0 a.m. (507 views)

CVE-2022-41556

CVE-2022-41556 affects lighttpd 1.4.56–1.4.66, describing a resource leak in gw_backend.c that can cause denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior, related to RDHUP mishandling in certain HTTP/1.1 chunked scenarios (mod_fastcgi also affected). T...

CVSS 7.5 | AI score 7 | EPSS 0.01808
Exploits 4 | References 5 | Affected Software 1

AlpineLinux
added 2022/10/06 12:0 a.m. (44 views)

CVE-2022-41556

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example,...

CVSS 7.5 | AI score 7.2 | EPSS 0.01808
Exploits 4

Debian CVE
added 2022/10/06 12:0 a.m. (71 views)

CVE-2022-41556

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example,...

CVSS 7.5 | AI score 7.3 | EPSS 0.01808
Exploits 4

OpenVAS
added 2022/09/29 12:0 a.m. (25 views)

Lighttpd < 1.4.67 DoS Vulnerability

Lighttpd is prone to a denial of service (DoS) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 7.5 | AI score 7.4 | EPSS 0.01808
Exploits 4 | References 2

Debian
added 2022/09/28 4:5 p.m. (38 views)

[SECURITY] [DSA 5243-1] lighttpd security update

Debian Security Advisory DSA-5243-1 [email protected] https://www.debian.org/security/ Helmut Grohne September 28, 2022 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 8.3 | EPSS 0.01808
Exploits 5

OPENSUSE Linux
added 2014/04/08 9:6 p.m. (46 views)

lighttpd to 1.4.35 (important)

lighttpd was updated to version 1.4.35, fixing bugs and security issues: CVE-2014-2323: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd allowed remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. CVE-2014-2323: Multiple directory...

CVSS 7.5 | AI score 1 | EPSS 0.91037
Exploits 4 | References 1

OpenVAS
added 2010/11/23 12:0 a.m. (19 views)

Fedora Update for mod_fcgid FEDORA-2010-17474

Check for the Version of mod_fcgid. OpenVAS Vulnerability Test: Fedora Update for mod_fcgid FEDORA-2010-17474. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 7.2 | AI score 0.3 | EPSS 0.00943
Exploits 0 | References 2

seebug.org
added 2009/12/21 12:0 a.m. (19 views)

lighttpd 1.4.1 Mod_FastCGI request header remote overflow vulnerability

No description provided by source...

AI score 7.1
Exploits 0

Tenable Nessus
added 2007/11/06 12:0 a.m. (30 views)

Fedora 7 : lighttpd-1.4.18-1.fc7 (2007-2132)

Lighttpd 1.4.17 and earlier is prone to a header overflow when using the mod_fastcgi extension, this can lead to arbitrary code execution in the fastcgi application. This 1.4.18 update fixes the issue. Note that Tenable Network Security has extracted the preceding description block directly from t...

CVSS 6.8 | AI score 5.8 | EPSS 0.1873
Exploits 1 | References 2

Tenable Nessus
added 2007/11/06 12:0 a.m. (11 views)

Fedora 7 : lighttpd-1.4.16-1.fc7 (2007-1299)

This security bugfix release fixes a header parsing bug, various mod_auth bugs, a mod_access bug and a mod_fastcgi local DOS bug. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...

AI score 5.4
Exploits 0 | References 1

Gentoo Linux
added 2007/09/27 12:0 a.m. (38 views)

Lighttpd: Buffer overflow

Background: Lighttpd is a lightweight HTTP web server. Description: Mattias Bengtsson and Philip Olausson have discovered a buffer overflow vulnerability in the function fcgi_env_add in the file mod_fastcgi.c when processing overly long HTTP headers. Impact: A remote attacker could send a specially...

CVSS 6.8 | AI score 7.3 | EPSS 0.1873
Exploits 1