SUSE CVE-2019-11072

DISPUTED lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burlnormalize2Ftoslashfix in...

openSUSE Security Update : lighttpd (openSUSE-2019-2347)

This update for lighttpd to version 1.4.54 fixes the following issues : Security issues fixed : - CVE-2018-19052: Fixed a path traversal in modalias boo1115016. - Changed the default TLS configuration of lighttpd for better security out-of-the-box boo1087369. C Tenable Network Security, Inc. The...