20 matches found
EUVD-2022-40406
Malicious code in bioql PyPI...
openSUSE: Security Advisory for lighttpd (openSUSE-SU-2022:10132-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : lighttpd (ALAS-2023-1705)
The version of lighttpd installed on the remote host is prior to 1.4.53-1.37. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1705 advisory. In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake i...
Important: lighttpd
Issue Overview: In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...
Lighttpd: Denial of Service
Background Lighttpd is a lightweight high-performance web server. Description Lighttpd's modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. Impact An attacker can trigger a denial of service via making Lighttpd try to call an...
GLSA-202210-12 : Lighttpd: Denial of Service
The remote host is affected by the vulnerability described in GLSA-202210-12 Lighttpd: Denial of Service - In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes...
Updated lighttpd packages fix security vulnerability
In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. CVE-2022-37797 A...
The vulnerability of the mod_wstunnel module in the lighttpd web server allows a hacker to cause a service failure.
The vulnerability of the modwstunnel module in the lighttpd web server is related to pointer dereferencing errors. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
Debian dla-3133 : lighttpd - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3133 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3133-1 [email protected] https://www.debian.org/lts/security/...
ROS-20221004-02
Vulnerability of lighttpd web server is related to a null pointer dereferencing error in modwstunnel module module when processing invalid HTTP requests. Exploitation of the vulnerability could allow an attacker, remotely, send specially crafted HTTP requests to a vulnerable web server and execut...
openSUSE 15 Security Update : lighttpd (openSUSE-SU-2022:10132-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10132-1 advisory. - In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It lea...
Debian DSA-5243-1 : lighttpd - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5243 advisory. Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint. CVE-2022-37797 An invalid HTTP request websocket handshake ma...
CVE-2022-37797
In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...
CVE-2022-37797
In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...
Null pointer dereference
In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...
CVE-2022-37797
In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...
CVE-2022-37797
CVE-2022-37797 affects lighttpd 1.4.65 where mod_wstunnel fails to initialize a handler function pointer on invalid websocket handshake requests, causing a NULL pointer dereference and denial of service. Public advisories indicate fixes in newer lighttpd releases (e.g., lighttpd 1.4.67 and later)...
CVE-2022-37797
In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...
lighttpd 代码问题漏洞
lighttpd is an open source web server from Jan Kneschke, a German individual developer. A security vulnerability exists in lighttpd 1.4.65, which stems from the fact that modwstunnel does not initialize handler function pointers and can be exploited by an attacker to cause a denial of service...
CVE-2022-37797
In lighttpd 1.4.65, modwstunnel does not initialize a handler function pointer if an invalid HTTP request websocket handshake is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition...