14 matches found
EUVD-2007-3934
Malware in sbrugna...
Updated lighttpd packages fix security vulnerability
In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. CVE-2022-37797 A...
ROS-20221007-02
Vulnerability of lighttpd web server is related to memory leak in modfastcgi and modscgi modules while processing a large number of incorrect HTTP requests. a large number of malformed HTTP requests. Exploiting the vulnerability could allow an attacker, acting remotely, send multiple invalid HTTP...
Lighttpd < 1.4.67 DoS Vulnerability
Lighttpd is prone to a denial of service DoS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
[SECURITY] [DSA 5243-1] lighttpd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5243-1 [email protected] https://www.debian.org/security/ Helmut Grohne September 28, 2022 https://www.debian.org/security/faq -...
Debian DSA-1362-2 : lighttpd - several vulnerabilities
Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitrary code via the overflow of CGI variables when modfcgi was enabled. The Common Vulnerabilities and Exposures project identifies the following problems : -...
[SECURITY] [DSA 1362-1] New lighttpd packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1362 [email protected] http://www.debian.org/security/ Steve Kemp August 29th, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
GLSA-200708-11 : Lighttpd: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200708-11 Lighttpd: Multiple vulnerabilities Stefan Esser discovered errors with evidence of memory corruption in the code parsing the headers. Several independent researchers also reported errors involving the handling of HTTP...
CVE-2007-3950
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the 1 modscgi, 2 modfastcgi, and 3 modwebdav modules...
Format string
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the 1 modscgi, 2 modfastcgi, and 3 modwebdav modules...
CVE-2007-3950
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the 1 modscgi, 2 modfastcgi, and 3 modwebdav modules...
CVE-2007-3950
CVE-2007-3950 affects lighttpd 1.4.15 on 32‑bit platforms. The issue is caused by incompatible format specifiers in debugging messages within the modules (mod_scgi, mod_fastcgi, mod_webdav), allowing remote attackers to cause a denial of service (daemon crash). The connected documents indicate th...
CVE-2007-3950
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the 1 modscgi, 2 modfastcgi, and 3 modwebdav modules...
CVE-2007-3950
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service daemon crash via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the 1 modscgi, 2 modfastcgi, and 3 modwebdav modules...