lighttpd < 1.4.35 Multiple Vulnerabilities

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.35. It is, therefore, affected by the following vulnerabilities : - A SQL injection flaw exists in the 'modmysqlvhost' module where user input passed using the hostname is not properly sanitized. A remote...

Lighttpd < 1.4.35 Multiple Vulnerabilities - Active Check

Lighttpd is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:lighttpd:lighttpd"; ifdescription...

lighttpd to 1.4.35 (important)

lighttpd was updated to version 1.4.35, fixing bugs and security issues: CVE-2014-2323: SQL injection vulnerability in modmysqlvhost.c in lighttpd allowed remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname. CVE-2014-2323: Multiple directory...

lighttpd < 1.4.35 Multiple Vulnerabilities

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.35. It is, therefore, affected by the following vulnerabilities : - A SQL injection flaw exists in the 'modmysqlvhost' module where user input passed using the hostname is not properly sanitized. A remote...

MGASA-2014-0133 Updated lighttpd package fixes security vulnerabilities

SQL injection vulnerability in lighttpd before 1.4.35 when modmysqlvhost is in use, due to insufficient validation of hostnames in HTTP requests CVE-2014-2323. Possible path traversal vulnerabilities in lighttpd before 1.4.35 when either modevhost or modsimplevhost are in use, due to insufficient...

Updated lighttpd package fixes security vulnerabilities

SQL injection vulnerability in lighttpd before 1.4.35 when modmysqlvhost is in use, due to insufficient validation of hostnames in HTTP requests CVE-2014-2323. Possible path traversal vulnerabilities in lighttpd before 1.4.35 when either modevhost or modsimplevhost are in use, due to insufficient...

Sql injection

SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname...

Debian DSA-2877-1 : lighttpd - security update

Several vulnerabilities were discovered in the lighttpd web server. - CVE-2014-2323 Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module modmysqlvhost. This only affects installations with t...

[SECURITY] [DSA 2877-1] lighttpd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2877-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 12, 2014 http://www.debian.org/security/faq -...

DSA-2877-1 lighttpd - security update

Bulletin has no description...

Debian: Security Advisory (DSA-2877-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : lighttpd (lighttpd-309)

Various issues have been fixed in lighttpd. CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360 have been assigned to thess issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update lighttpd-309. The...

openSUSE 10 Security Update : lighttpd (lighttpd-5785)

Various issues have been fixed in lighttpd. CVE-2008-4298, CVE-2008-4359 and CVE-2008-4360 have been assigned to thess issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update lighttpd-5785. Th...