{"id": "SECURITYVULNS:DOC:19540", "bulletinFamily": "software", "title": "rPSA-2008-0132-1 lighttpd", "description": "rPath Security Advisory: 2008-0132-1\r\nPublished: 2008-03-31\r\nProducts:\r\n rPath Linux 1\r\n\r\nRating: Major\r\nExposure Level Classification:\r\n Remote Deterministic Denial of Service\r\nUpdated Versions:\r\n lighttpd=conary.rpath.com@rpl:1/1.4.18-0.5-1\r\n\r\nrPath Issue Tracking System:\r\n https://issues.rpath.com/browse/RPL-2407\r\n\r\nReferences:\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531\r\n\r\nDescription:\r\n Previous versions of the lighttpd package are vulnerable to a remote\r\n Denial of Service attack in which the termination of one SSL connection\r\n may cause another concurrent SSL connection to terminate prematurely.\r\n \r\n lighttpd is not installed by default on rPath Linux systems, and no\r\n default configuration file is provided; only systems customized to\r\n include and configure lighttpd are vulnerable.\r\n \r\n Appliances built with rPath Appliance Platform Agent 2 use lighttpd and\r\n are vulnerable to this denial of service attack. All appliances built\r\n using rPath Appliance Platform Agent 2 should be updated to include the\r\n latest release of lighttpd.\r\n\r\nhttp://wiki.rpath.com/Advisories:rPSA-2008-0132\r\n\r\nCopyright 2008 rPath, Inc.\r\nThis file is distributed under the terms of the MIT License.\r\nA copy is available at http://www.rpath.com/permanent/mit-license.html", "published": "2008-04-01T00:00:00", "modified": "2008-04-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19540", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2008-1531"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:25", "edition": 1, "viewCount": 7, "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2018-08-31T11:10:25", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60786", "OPENVAS:61364", "OPENVAS:60808"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2018-08-31T11:10:25", "rev": 2}, "vulnersScore": 5.6}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"cve": [{"id": "CVE-2008-1531", "vendorId": null, "hash": "c4a830131526cc4ac5cc1e1559f2d22e", "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.", "published": "2008-03-27T23:44:00", "modified": "2018-10-31T19:23:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1531", "reporter": "cve@mitre.org", "references": ["http://trac.lighttpd.net/trac/ticket/285#comment:21", "http://secunia.com/advisories/29505", "http://www.securityfocus.com/archive/1/490323/100/0/threaded", "http://trac.lighttpd.net/trac/ticket/285#comment:18", "https://issues.rpath.com/browse/RPL-2407", "http://www.vupen.com/english/advisories/2008/1063/references", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41545", "http://trac.lighttpd.net/trac/changeset/2136", "http://www.osvdb.org/43788", "http://trac.lighttpd.net/trac/changeset/2140", "http://security.gentoo.org/glsa/glsa-200804-08.xml", "http://secunia.com/advisories/30023", "http://trac.lighttpd.net/trac/changeset/2139", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html", "http://secunia.com/advisories/29649", "http://www.securityfocus.com/bid/28489", "http://secunia.com/advisories/29636", "http://secunia.com/advisories/29544", "https://bugs.gentoo.org/show_bug.cgi?id=214892", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html", "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html", "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132", "http://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-04-21T20:41:33", "history": [{"bulletin": {"id": "CVE-2008-1531", "vendorId": null, "hash": "b60d3119fac8007211058674d61e47329dad38f6be3ea10167d2b61fb1c1c100", "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.", "published": "2008-03-27T23:44:00", "modified": "2018-10-31T19:23:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1531", "reporter": "cve@mitre.org", "references": ["http://trac.lighttpd.net/trac/ticket/285#comment:21", "http://secunia.com/advisories/29505", "http://www.securityfocus.com/archive/1/490323/100/0/threaded", "http://trac.lighttpd.net/trac/ticket/285#comment:18", "https://issues.rpath.com/browse/RPL-2407", "http://www.vupen.com/english/advisories/2008/1063/references", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41545", "http://trac.lighttpd.net/trac/changeset/2136", "http://www.osvdb.org/43788", "http://trac.lighttpd.net/trac/changeset/2140", "http://security.gentoo.org/glsa/glsa-200804-08.xml", "http://secunia.com/advisories/30023", "http://trac.lighttpd.net/trac/changeset/2139", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html", "http://secunia.com/advisories/29649", "http://www.securityfocus.com/bid/28489", "http://secunia.com/advisories/29636", "http://secunia.com/advisories/29544", "https://bugs.gentoo.org/show_bug.cgi?id=214892", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html", "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html", "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132", "http://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-02-02T05:35:12", "history": [], "viewCount": 29, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:12", "references": [{"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2021-02-02T05:35:12", "rev": 2, "value": 5.0, "vector": "NONE"}, "twitter": {"counter": 4, "modified": "2021-02-02T05:35:12", "tweets": [{"link": "https://twitter.com/GdsLivestream/status/1364265564399624194", "text": "Vulnerability Found:CVE-2008-1531 - The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0,"}, {"link": "https://twitter.com/GdsLivestream/status/1364265564399624194", "text": "Vulnerability Found:CVE-2008-1531 - The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0,"}, {"link": "https://twitter.com/GdsLivestream/status/1364344388030144514", "text": "Vulnerability Found:CVE-2008-1531 - The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0,"}, {"link": "https://twitter.com/GdsLivestream/status/1365736422171361308", "text": "Vulnerability Found:CVE-2008-1531 - The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0,"}]}}, "objectVersion": "1.6", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/a:lighttpd:lighttpd:1.4.19"], "cpe23": ["cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "debian:debian_linux", "name": "debian debian linux", "operator": "eq", "version": "4.0"}, {"cpeName": "lighttpd:lighttpd", "name": "lighttpd", "operator": "le", "version": "1.4.19"}, {"cpeName": "lighttpd:lighttpd", "name": "lighttpd", "operator": "lt", "version": "1.5.0"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:lighttpd:lighttpd:1.5.0:*:*:*:*:*:*:*", "versionEndExcluding": "1.5.0", "versionStartIncluding": "1.5", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*", "versionEndIncluding": "1.4.19", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "SUSE-SR:2008:011", "refsource": "SUSE", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"}, {"name": "ADV-2008-1063", "refsource": "VUPEN", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1063/references"}, {"name": "28489", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/28489"}, {"name": "20080331 rPSA-2008-0132-1 lighttpd", "refsource": "BUGTRAQ", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/490323/100/0/threaded"}, {"name": "29636", "refsource": "SECUNIA", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/29636"}, {"name": "30023", "refsource": "SECUNIA", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/30023"}, {"name": "http://trac.lighttpd.net/trac/changeset/2136", "refsource": "CONFIRM", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://trac.lighttpd.net/trac/changeset/2136"}, {"name": "lighttpd-sslerror-dos(41545)", "refsource": "XF", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41545"}, {"name": "http://trac.lighttpd.net/trac/changeset/2139", "refsource": "CONFIRM", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://trac.lighttpd.net/trac/changeset/2139"}, {"name": "https://issues.rpath.com/browse/RPL-2407", "refsource": "CONFIRM", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-2407"}, {"name": "29505", "refsource": "SECUNIA", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/29505"}, {"name": "http://trac.lighttpd.net/trac/changeset/2140", "refsource": "CONFIRM", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://trac.lighttpd.net/trac/changeset/2140"}, {"name": "43788", "refsource": "OSVDB", "tags": ["Broken Link"], "url": "http://www.osvdb.org/43788"}, {"name": "http://trac.lighttpd.net/trac/ticket/285#comment:18", "refsource": "MISC", "tags": ["Vendor Advisory"], "url": "http://trac.lighttpd.net/trac/ticket/285#comment:18"}, {"name": "http://trac.lighttpd.net/trac/ticket/285#comment:21", "refsource": "MISC", "tags": ["Vendor Advisory"], "url": "http://trac.lighttpd.net/trac/ticket/285#comment:21"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132", "refsource": "CONFIRM", "tags": ["Third Party Advisory"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=214892", "refsource": "CONFIRM", "tags": ["Third Party Advisory"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=214892"}, {"name": "FEDORA-2008-3376", "refsource": "FEDORA", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html"}, {"name": "FEDORA-2008-3343", "refsource": "FEDORA", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html"}, {"name": "GLSA-200804-08", "refsource": "GENTOO", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200804-08.xml"}, {"name": "DSA-1540", "refsource": "DEBIAN", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1540"}, {"name": "29649", "refsource": "SECUNIA", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/29649"}, {"name": "29544", "refsource": "SECUNIA", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/29544"}]}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T05:35:12"}, {"bulletin": {"id": "CVE-2008-1531", "vendorId": null, "hash": "8c0422ae60798a375b71a031206b6ad20e458fa000a0bf8228b7322978c9efc1", "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.", "published": "2008-03-27T23:44:00", "modified": "2018-10-31T19:23:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1531", "reporter": "cve@mitre.org", "references": ["http://trac.lighttpd.net/trac/ticket/285#comment:21", "http://secunia.com/advisories/29505", "http://www.securityfocus.com/archive/1/490323/100/0/threaded", "http://trac.lighttpd.net/trac/ticket/285#comment:18", "https://issues.rpath.com/browse/RPL-2407", "http://www.vupen.com/english/advisories/2008/1063/references", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41545", "http://trac.lighttpd.net/trac/changeset/2136", "http://www.osvdb.org/43788", "http://trac.lighttpd.net/trac/changeset/2140", "http://security.gentoo.org/glsa/glsa-200804-08.xml", "http://secunia.com/advisories/30023", "http://trac.lighttpd.net/trac/changeset/2139", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html", "http://secunia.com/advisories/29649", "http://www.securityfocus.com/bid/28489", "http://secunia.com/advisories/29636", "http://secunia.com/advisories/29544", "https://bugs.gentoo.org/show_bug.cgi?id=214892", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html", "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html", "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132", "http://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-09-21T13:59:15", "history": [], "viewCount": 9, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:15", "references": [{"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-09-21T13:59:15", "rev": 2, "value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/a:lighttpd:lighttpd:1.4.19"], "cpe23": ["cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "debian:debian_linux", "name": "debian debian linux", "operator": "eq", "version": "4.0"}, {"cpeName": "lighttpd:lighttpd", "name": "lighttpd", "operator": "le", "version": "1.4.19"}, {"cpeName": "lighttpd:lighttpd", "name": "lighttpd", "operator": "lt", "version": "1.5.0"}], "affectedConfiguration": [], "cpeConfiguration": {}, "extraReferences": []}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T13:59:15"}, {"bulletin": {"id": "CVE-2008-1531", "vendorId": null, "hash": "4d7455c7651a57794fdb6f8d3a241921c994f6af13bea6615b1ba7138ebf1154", "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.", "published": "2008-03-27T23:44:00", "modified": "2018-10-31T19:23:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1531", "reporter": "cve@mitre.org", "references": ["http://trac.lighttpd.net/trac/ticket/285#comment:21", "http://secunia.com/advisories/29505", "http://www.securityfocus.com/archive/1/490323/100/0/threaded", "http://trac.lighttpd.net/trac/ticket/285#comment:18", "https://issues.rpath.com/browse/RPL-2407", "http://www.vupen.com/english/advisories/2008/1063/references", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41545", "http://trac.lighttpd.net/trac/changeset/2136", "http://www.osvdb.org/43788", "http://trac.lighttpd.net/trac/changeset/2140", "http://security.gentoo.org/glsa/glsa-200804-08.xml", "http://secunia.com/advisories/30023", "http://trac.lighttpd.net/trac/changeset/2139", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html", "http://secunia.com/advisories/29649", "http://www.securityfocus.com/bid/28489", "http://secunia.com/advisories/29636", "http://secunia.com/advisories/29544", "https://bugs.gentoo.org/show_bug.cgi?id=214892", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html", "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html", "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132", "http://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2019-05-29T18:09:25", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"modified": "2019-05-29T18:09:25", "references": [{"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2019-05-29T18:09:25", "rev": 2, "value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "cpe": ["cpe:/a:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:4.0"], "cpe23": ["cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"name": "debian debian_linux", "operator": "eq", "version": "4.0"}, {"name": "lighttpd lighttpd", "operator": "le", "version": "1.4.19"}], "affectedConfiguration": [], "cpeConfiguration": {}, "extraReferences": []}, "differentElements": ["cpe23", "cpe", "affectedSoftware"], "edition": 1, "lastseen": "2019-05-29T18:09:25"}, {"bulletin": {"id": "CVE-2008-1531", "vendorId": null, "hash": "78b4ee1c708584d6af1151f7af97a590cbcdff0739a84b08078d302ce5070ecb", "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.", "published": "2008-03-27T23:44:00", "modified": "2018-10-31T19:23:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1531", "reporter": "cve@mitre.org", "references": ["http://trac.lighttpd.net/trac/ticket/285#comment:21", "http://secunia.com/advisories/29505", "http://www.securityfocus.com/archive/1/490323/100/0/threaded", "http://trac.lighttpd.net/trac/ticket/285#comment:18", "https://issues.rpath.com/browse/RPL-2407", "http://www.vupen.com/english/advisories/2008/1063/references", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41545", "http://trac.lighttpd.net/trac/changeset/2136", "http://www.osvdb.org/43788", "http://trac.lighttpd.net/trac/changeset/2140", "http://security.gentoo.org/glsa/glsa-200804-08.xml", "http://secunia.com/advisories/30023", "http://trac.lighttpd.net/trac/changeset/2139", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html", "http://secunia.com/advisories/29649", "http://www.securityfocus.com/bid/28489", "http://secunia.com/advisories/29636", "http://secunia.com/advisories/29544", "https://bugs.gentoo.org/show_bug.cgi?id=214892", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html", "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html", "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132", "http://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-11-29T22:56:09", "history": [], "viewCount": 28, "enchantments": {"dependencies": {"modified": "2020-11-29T22:56:09", "references": [{"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-11-29T22:56:09", "rev": 2, "value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/a:lighttpd:lighttpd:1.4.19"], "cpe23": ["cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "lighttpd:lighttpd", "name": "lighttpd", "operator": "le", "version": "*"}, {"cpeName": "debian:debian_linux", "name": "debian debian linux", "operator": "eq", "version": "4.0"}, {"cpeName": "lighttpd:lighttpd", "name": "lighttpd", "operator": "lt", "version": "*"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:lighttpd:lighttpd:1.5.0:*:*:*:*:*:*:*", "versionEndExcluding": "1.5.0", "versionStartIncluding": "1.5", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*", "versionEndIncluding": "1.4.19", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": []}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-29T22:56:09"}, {"bulletin": {"id": "CVE-2008-1531", "vendorId": null, "hash": "1fd2c02e7c125dd6f6744928c3ddf28b6ebc6c53fedfd4270c3878752c9e039f", "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.", "published": "2008-03-27T23:44:00", "modified": "2018-10-31T19:23:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1531", "reporter": "cve@mitre.org", "references": ["http://trac.lighttpd.net/trac/ticket/285#comment:21", "http://secunia.com/advisories/29505", "http://www.securityfocus.com/archive/1/490323/100/0/threaded", "http://trac.lighttpd.net/trac/ticket/285#comment:18", "https://issues.rpath.com/browse/RPL-2407", "http://www.vupen.com/english/advisories/2008/1063/references", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41545", "http://trac.lighttpd.net/trac/changeset/2136", "http://www.osvdb.org/43788", "http://trac.lighttpd.net/trac/changeset/2140", "http://security.gentoo.org/glsa/glsa-200804-08.xml", "http://secunia.com/advisories/30023", "http://trac.lighttpd.net/trac/changeset/2139", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html", "http://secunia.com/advisories/29649", "http://www.securityfocus.com/bid/28489", "http://secunia.com/advisories/29636", "http://secunia.com/advisories/29544", "https://bugs.gentoo.org/show_bug.cgi?id=214892", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html", "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html", "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132", "http://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-12-09T19:28:21", "history": [], "viewCount": 28, "enchantments": {"dependencies": {"modified": "2020-12-09T19:28:21", "references": [{"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-12-09T19:28:21", "rev": 2, "value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/a:lighttpd:lighttpd:1.4.19"], "cpe23": ["cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "debian:debian_linux", "name": "debian debian linux", "operator": "eq", "version": "4.0"}, {"cpeName": "lighttpd:lighttpd", "name": "lighttpd", "operator": "le", "version": "1.4.19"}, {"cpeName": "lighttpd:lighttpd", "name": "lighttpd", "operator": "lt", "version": "1.5.0"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:lighttpd:lighttpd:1.5.0:*:*:*:*:*:*:*", "versionEndExcluding": "1.5.0", "versionStartIncluding": "1.5", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*", "versionEndIncluding": "1.4.19", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": []}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T19:28:21"}], "viewCount": 38, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60786", "OPENVAS:61364", "OPENVAS:60808"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-04-21T20:41:33", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-04-21T20:41:33", "rev": 2}, "twitter": {"counter": 4, "modified": "2021-02-02T05:35:12", "tweets": [{"link": "https://twitter.com/GdsLivestream/status/1364265564399624194", "text": "Vulnerability Found:CVE-2008-1531 - The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0,"}, {"link": "https://twitter.com/GdsLivestream/status/1364265564399624194", "text": "Vulnerability Found:CVE-2008-1531 - The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0,"}, {"link": "https://twitter.com/GdsLivestream/status/1364344388030144514", "text": "Vulnerability Found:CVE-2008-1531 - The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0,"}, {"link": "https://twitter.com/GdsLivestream/status/1365736422171361308", "text": "Vulnerability Found:CVE-2008-1531 - The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0,"}]}}, "objectVersion": "1.6", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/a:lighttpd:lighttpd:1.4.19"], "cpe23": ["cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "debian:debian_linux", "name": "debian debian linux", "operator": "eq", "version": "4.0"}, {"cpeName": "lighttpd:lighttpd", "name": "lighttpd", "operator": "le", "version": "1.4.19"}, {"cpeName": "lighttpd:lighttpd", "name": "lighttpd", "operator": "lt", "version": "1.5.0"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.4.19", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:lighttpd:lighttpd:1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.0", "versionStartIncluding": "1.5", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "SUSE-SR:2008:011", "refsource": "SUSE", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"}, {"name": "ADV-2008-1063", "refsource": "VUPEN", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1063/references"}, {"name": "28489", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/28489"}, {"name": "20080331 rPSA-2008-0132-1 lighttpd", "refsource": "BUGTRAQ", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/490323/100/0/threaded"}, {"name": "29636", "refsource": "SECUNIA", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/29636"}, {"name": "30023", "refsource": "SECUNIA", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/30023"}, {"name": "http://trac.lighttpd.net/trac/changeset/2136", "refsource": "CONFIRM", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://trac.lighttpd.net/trac/changeset/2136"}, {"name": "lighttpd-sslerror-dos(41545)", "refsource": "XF", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41545"}, {"name": "http://trac.lighttpd.net/trac/changeset/2139", "refsource": "CONFIRM", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://trac.lighttpd.net/trac/changeset/2139"}, {"name": "https://issues.rpath.com/browse/RPL-2407", "refsource": "CONFIRM", "tags": ["Broken Link"], "url": "https://issues.rpath.com/browse/RPL-2407"}, {"name": "29505", "refsource": "SECUNIA", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/29505"}, {"name": "http://trac.lighttpd.net/trac/changeset/2140", "refsource": "CONFIRM", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://trac.lighttpd.net/trac/changeset/2140"}, {"name": "43788", "refsource": "OSVDB", "tags": ["Broken Link"], "url": "http://www.osvdb.org/43788"}, {"name": "http://trac.lighttpd.net/trac/ticket/285#comment:18", "refsource": "MISC", "tags": ["Vendor Advisory"], "url": "http://trac.lighttpd.net/trac/ticket/285#comment:18"}, {"name": "http://trac.lighttpd.net/trac/ticket/285#comment:21", "refsource": "MISC", "tags": ["Vendor Advisory"], "url": "http://trac.lighttpd.net/trac/ticket/285#comment:21"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132", "refsource": "CONFIRM", "tags": ["Third Party Advisory"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0132"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=214892", "refsource": "CONFIRM", "tags": ["Third Party Advisory"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=214892"}, {"name": "FEDORA-2008-3376", "refsource": "FEDORA", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html"}, {"name": "FEDORA-2008-3343", "refsource": "FEDORA", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html"}, {"name": "GLSA-200804-08", "refsource": "GENTOO", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200804-08.xml"}, {"name": "DSA-1540", "refsource": "DEBIAN", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1540"}, {"name": "29649", "refsource": "SECUNIA", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/29649"}, {"name": "29544", "refsource": "SECUNIA", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/29544"}], "_object_type": "robots.models.cve.CveBulletin", "_object_types": ["robots.models.cve.CveBulletin", "robots.models.base.Bulletin"]}], "debiancve": [{"id": "DEBIANCVE:CVE-2008-1531", "vendorId": null, "hash": "561051ee66e7c818b6e3aa89475f47e8", "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.", "published": "2008-03-27T23:44:00", "modified": "2008-03-27T23:44:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2008-1531", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2022-01-22T04:24:27", "history": [{"bulletin": {"id": "DEBIANCVE:CVE-2008-1531", "vendorId": null, "hash": "3a39ce5989b3daf97f4e303344bacedb", "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.", "published": "2008-03-27T00:00:00", "modified": "2008-03-27T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2008-1531", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-11-29T13:58:56", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:60808"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-11-29T13:58:56", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2021-11-29T13:58:56", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "lighttpd_1.4.61-1_all.deb", "packageVersion": "1.4.61-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "lighttpd_1.4.59-1_all.deb", "packageVersion": "1.4.59-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "lighttpd_1.4.53-4+deb10u1_all.deb", "packageVersion": "1.4.53-4+deb10u1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "lighttpd_1.4.61-1_all.deb", "packageVersion": "1.4.61-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "lighttpd_1.4.45-1_all.deb", "packageVersion": "1.4.45-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}]}, "lastseen": "2021-11-29T13:58:56", "differentElements": ["description"], "edition": 1}, {"bulletin": {"id": "DEBIANCVE:CVE-2008-1531", "vendorId": null, "hash": "d164b446d5f37c8a0a566ae03e39018b", "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4. ...", "published": "2008-03-27T00:00:00", "modified": "2008-03-27T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2008-1531", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-12-04T19:26:48", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "FEDORA_2008-3376.NASL", "FEDORA_2008-3343.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:860683", "OPENVAS:60793", "OPENVAS:60834", "OPENVAS:60808", "OPENVAS:60786", "OPENVAS:860849", "OPENVAS:61364", "OPENVAS:860205"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-12-04T19:26:48", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-12-04T19:26:48", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "lighttpd_1.4.61-1_all.deb", "packageVersion": "1.4.61-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "lighttpd_1.4.59-1_all.deb", "packageVersion": "1.4.59-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "lighttpd_1.4.53-4+deb10u1_all.deb", "packageVersion": "1.4.53-4+deb10u1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "lighttpd_1.4.61-1_all.deb", "packageVersion": "1.4.61-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "lighttpd_1.4.45-1_all.deb", "packageVersion": "1.4.45-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}]}, "lastseen": "2021-12-04T19:26:48", "differentElements": ["description"], "edition": 2}, {"bulletin": {"id": "DEBIANCVE:CVE-2008-1531", "vendorId": null, "hash": "3a39ce5989b3daf97f4e303344bacedb", "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.", "published": "2008-03-27T00:00:00", "modified": "2008-03-27T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2008-1531", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-12-05T10:48:07", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "fedora", "idList": ["FEDORA:M3TLCX57031009", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "nessus", "idList": ["LIGHTTPD_1_4_20.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-3376.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-4119.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:860205", "OPENVAS:60808", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:860683", "OPENVAS:60834"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-12-05T10:48:07", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2021-12-05T10:48:07", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "lighttpd_1.4.61-1_all.deb", "packageVersion": "1.4.61-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "lighttpd_1.4.59-1_all.deb", "packageVersion": "1.4.59-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "lighttpd_1.4.53-4+deb10u1_all.deb", "packageVersion": "1.4.53-4+deb10u1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "lighttpd_1.4.61-1_all.deb", "packageVersion": "1.4.61-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "lighttpd_1.4.45-1_all.deb", "packageVersion": "1.4.45-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}]}, "lastseen": "2021-12-05T10:48:07", "differentElements": ["affectedPackage", "modified", "published"], "edition": 3}, {"bulletin": {"id": "DEBIANCVE:CVE-2008-1531", "vendorId": null, "hash": "25ece41238988a91c83fb3e09c8b47ef", "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.", "published": "2008-03-27T23:44:00", "modified": "2008-03-27T23:44:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2008-1531", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-12-14T17:50:07", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "fedora", "idList": ["FEDORA:M3TLCX57031009", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "nessus", "idList": ["LIGHTTPD_1_4_20.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-3376.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-4119.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:860205", "OPENVAS:60808", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:860683", "OPENVAS:60834"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-12-05T10:48:07", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2021-12-05T10:48:07", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "lighttpd_1.4.61-1_all.deb", "packageVersion": "1.4.61-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "lighttpd_1.4.59-1_all.deb", "packageVersion": "1.4.59-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "lighttpd_1.4.53-4+deb10u1_all.deb", "packageVersion": "1.4.53-4+deb10u1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "lighttpd_1.4.63-1_all.deb", "packageVersion": "1.4.63-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "lighttpd_1.4.45-1_all.deb", "packageVersion": "1.4.45-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}]}, "lastseen": "2021-12-14T17:50:07", "differentElements": ["affectedPackage"], "edition": 4}, {"bulletin": {"id": "DEBIANCVE:CVE-2008-1531", "vendorId": null, "hash": "da72f890b562d9de6e4e7ae8c2df68b9", "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.", "published": "2008-03-27T23:44:00", "modified": "2008-03-27T23:44:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2008-1531", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-12-17T05:53:26", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:860205", "OPENVAS:60808", "OPENVAS:60834", "OPENVAS:60793", "OPENVAS:60786", "OPENVAS:61364", "OPENVAS:860683"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514", "FEDORA:M3TLCX57031009"]}, {"type": "nessus", "idList": ["SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "FEDORA_2008-3343.NASL", "FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "DEBIAN_DSA-1540.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "LIGHTTPD_1_4_20.NASL", "4698.PRM"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-12-17T05:53:26", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2021-12-17T05:53:26", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "lighttpd_1.4.63-1_all.deb", "packageVersion": "1.4.63-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "lighttpd_1.4.59-1_all.deb", "packageVersion": "1.4.59-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "lighttpd_1.4.53-4+deb10u1_all.deb", "packageVersion": "1.4.53-4+deb10u1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "lighttpd_1.4.63-1_all.deb", "packageVersion": "1.4.63-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "lighttpd_1.4.45-1_all.deb", "packageVersion": "1.4.45-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}]}, "lastseen": "2021-12-17T05:53:26", "differentElements": ["affectedPackage"], "edition": 5}, {"bulletin": {"id": "DEBIANCVE:CVE-2008-1531", "vendorId": null, "hash": "76adec35cf7581a59cccd97b9919537a", "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.", "published": "2008-03-27T23:44:00", "modified": "2008-03-27T23:44:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2008-1531", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2022-01-20T07:34:03", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514", "FEDORA:M3TLCX57031009"]}, {"type": "nessus", "idList": ["FEDORA_2008-4119.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "GENTOO_GLSA-200804-08.NASL", "FEDORA_2008-3376.NASL", "SUSE_LIGHTTPD-5216.NASL", "4698.PRM", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60793", "OPENVAS:60834", "OPENVAS:860849", "OPENVAS:61364", "OPENVAS:860205", "OPENVAS:60786", "OPENVAS:60808", "OPENVAS:860683"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-3:02F0A"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2022-01-20T07:34:03", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2022-01-20T07:34:03", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "lighttpd_1.4.63-1_all.deb", "packageVersion": "1.4.63-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "lighttpd_1.4.59-1_all.deb", "packageVersion": "1.4.59-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "lighttpd_1.4.53-4+deb10u1_all.deb", "packageVersion": "1.4.53-4+deb10u1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "lighttpd_1.4.64-1_all.deb", "packageVersion": "1.4.64-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "lighttpd_1.4.45-1_all.deb", "packageVersion": "1.4.45-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}]}, "lastseen": "2022-01-20T07:34:03", "differentElements": ["affectedPackage"], "edition": 6}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514", "FEDORA:M3TLCX57031009"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FEDORA_2008-3376.NASL", "4698.PRM", "SUSE_LIGHTTPD-5216.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "FEDORA_2008-4119.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:61364", "OPENVAS:60786", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60808", "OPENVAS:860205", "OPENVAS:860683", "OPENVAS:60834"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2022-01-22T04:24:27", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2022-01-22T04:24:27", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "lighttpd_1.4.64-1_all.deb", "packageVersion": "1.4.64-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "lighttpd_1.4.59-1_all.deb", "packageVersion": "1.4.59-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "lighttpd_1.4.53-4+deb10u1_all.deb", "packageVersion": "1.4.53-4+deb10u1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "lighttpd_1.4.64-1_all.deb", "packageVersion": "1.4.64-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "lighttpd_1.4.45-1_all.deb", "packageVersion": "1.4.45-1", "operator": "lt", "status": "resolved", "packageName": "lighttpd"}], "_object_type": "robots.models.debiancve.DebianCveBulletin", "_object_types": ["robots.models.debiancve.DebianCveBulletin", "robots.models.base.Bulletin"]}], "ubuntucve": [{"id": "UB:CVE-2008-1531", "vendorId": null, "hash": "d82a225c94d0f4a8f25b882556e894ba", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19\nand earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a\ndenial of service (active SSL connection loss) by triggering an SSL error,\nsuch as disconnecting before a download has finished, which causes all\nactive SSL connections to be lost.\n\n#### Bugs\n\n * <https://launchpad.net/bugs/209627>\n * <https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490>\n", "published": "2008-03-27T00:00:00", "modified": "2008-03-27T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2008-1531", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "https://nvd.nist.gov/vuln/detail/CVE-2008-1531", "https://launchpad.net/bugs/cve/CVE-2008-1531", "https://security-tracker.debian.org/tracker/CVE-2008-1531"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-11-22T22:01:11", "history": [{"bulletin": {"id": "UB:CVE-2008-1531", "vendorId": null, "hash": "1ec5c063b99cbbe57cb78d739b79a683", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19\nand earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a\ndenial of service (active SSL connection loss) by triggering an SSL error,\nsuch as disconnecting before a download has finished, which causes all\nactive SSL connections to be lost.\n\n#### Bugs\n\n * <https://launchpad.net/bugs/209627>\n * <https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490>\n", "published": "2008-03-27T00:00:00", "modified": "2008-03-27T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2008-1531", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "https://nvd.nist.gov/vuln/detail/CVE-2008-1531", "https://launchpad.net/bugs/cve/CVE-2008-1531", "https://security-tracker.debian.org/tracker/CVE-2008-1531"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-07-01T01:07:48", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860683", "OPENVAS:60834", "OPENVAS:60793", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60808", "OPENVAS:860849"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M3TLCX57031009", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-3:02F0A"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "nessus", "idList": ["LIGHTTPD_1_4_20.NASL", "FEDORA_2008-3343.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "SUSE_LIGHTTPD-5216.NASL", "DEBIAN_DSA-1540.NASL", "GENTOO_GLSA-200804-08.NASL"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-07-01T01:07:48", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-07-01T01:07:48", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "1.4.19", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "lighttpd"}], "bugs": ["https://launchpad.net/bugs/209627", "https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490"]}, "lastseen": "2021-07-01T01:07:48", "differentElements": ["cvss2"], "edition": 1}, {"bulletin": {"id": "UB:CVE-2008-1531", "vendorId": null, "hash": "d5fd96748abbf78523d5a8dfc5bd40fe", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2008-1531", "description": "The connection_state_machine function (connections.c) in lighttpd 1.4.19\nand earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a\ndenial of service (active SSL connection loss) by triggering an SSL error,\nsuch as disconnecting before a download has finished, which causes all\nactive SSL connections to be lost.\n\n#### Bugs\n\n * <https://launchpad.net/bugs/209627>\n * <https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490>\n", "published": "2008-03-27T00:00:00", "modified": "2008-03-27T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2008-1531", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "https://nvd.nist.gov/vuln/detail/CVE-2008-1531", "https://launchpad.net/bugs/cve/CVE-2008-1531", "https://security-tracker.debian.org/tracker/CVE-2008-1531"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-07-31T02:14:23", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "nessus", "idList": ["LIGHTTPD_1_4_20.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "GENTOO_GLSA-200804-08.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-3:02F0A"]}, {"type": "openvas", "idList": ["OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:60808", "OPENVAS:60786", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:860849"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514", "FEDORA:M3TLCX57031009"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-07-31T02:14:23", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-07-31T02:14:23", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "1.4.19", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "lighttpd"}], "bugs": ["https://launchpad.net/bugs/209627", "https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490"]}, "lastseen": "2021-07-31T02:14:23", "differentElements": ["affectedPackage"], "edition": 2}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:60808"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-11-22T22:01:11", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-11-22T22:01:11", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "1.4.19", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "lighttpd"}], "bugs": ["https://launchpad.net/bugs/209627", "https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490"], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.ubuntucve.UbuntuCVEBulletin", "robots.models.base.Bulletin"]}], "freebsd": [{"id": "1AC77649-0908-11DD-974D-000FEA2763CE", "vendorId": null, "hash": "2c52b7d12e39a1ac0f6e6698bf4a6b59", "type": "freebsd", "bulletinFamily": "unix", "title": "lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability", "description": "\n\nSecunia reports:\n\nA vulnerability has been reported in lighttpd, which can be\n\t exploited by malicious people to cause a DoS (Denial of\n\t Service).\nThe vulnerability is caused due to lighttpd not properly clearing\n\t the OpenSSL error queue. This can be exploited to close concurrent\n\t SSL connections of lighttpd by terminating one SSL connection.\n\n\n", "published": "2008-04-02T00:00:00", "modified": "2008-04-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html", "reporter": "FreeBSD", "references": ["http://secunia.com/advisories/29649", "http://trac.lighttpd.net/trac/ticket/285"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2022-01-19T16:03:50", "history": [{"bulletin": {"id": "1AC77649-0908-11DD-974D-000FEA2763CE", "vendorId": null, "hash": "a2c1c5d12efbad8b8d015188e610efd11b6383da88a29ed54b9e09257114cb61", "type": "freebsd", "bulletinFamily": "unix", "title": "lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability", "description": "\nSecunia reports:\n\nA vulnerability has been reported in lighttpd, which can be\n\t exploited by malicious people to cause a DoS (Denial of\n\t Service).\nThe vulnerability is caused due to lighttpd not properly clearing\n\t the OpenSSL error queue. This can be exploited to close concurrent\n\t SSL connections of lighttpd by terminating one SSL connection.\n\n", "published": "2008-04-02T00:00:00", "modified": "2008-04-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html", "reporter": "FreeBSD", "references": ["http://secunia.com/advisories/29649", "http://trac.lighttpd.net/trac/ticket/285"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2016-09-26T17:24:58", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.2", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lighttpd", "packageVersion": "1.4.19_1"}]}, "lastseen": "2016-09-26T17:24:58", "differentElements": ["cvss"], "edition": 1}, {"bulletin": {"id": "1AC77649-0908-11DD-974D-000FEA2763CE", "vendorId": null, "hash": "d9c85abe5121d1358e696abbce884034b1ff9382206316f3dbaadb33088ebfda", "type": "freebsd", "bulletinFamily": "unix", "title": "lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability", "description": "\nSecunia reports:\n\nA vulnerability has been reported in lighttpd, which can be\n\t exploited by malicious people to cause a DoS (Denial of\n\t Service).\nThe vulnerability is caused due to lighttpd not properly clearing\n\t the OpenSSL error queue. This can be exploited to close concurrent\n\t SSL connections of lighttpd by terminating one SSL connection.\n\n", "published": "2008-04-02T00:00:00", "modified": "2008-04-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html", "reporter": "FreeBSD", "references": ["http://secunia.com/advisories/29649", "http://trac.lighttpd.net/trac/ticket/285"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2018-08-30T19:15:46", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.3", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lighttpd", "packageVersion": "1.4.19_1"}]}, "lastseen": "2018-08-30T19:15:46", "differentElements": ["cvss"], "edition": 2}, {"bulletin": {"id": "1AC77649-0908-11DD-974D-000FEA2763CE", "vendorId": null, "hash": "a2c1c5d12efbad8b8d015188e610efd11b6383da88a29ed54b9e09257114cb61", "type": "freebsd", "bulletinFamily": "unix", "title": "lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability", "description": "\nSecunia reports:\n\nA vulnerability has been reported in lighttpd, which can be\n\t exploited by malicious people to cause a DoS (Denial of\n\t Service).\nThe vulnerability is caused due to lighttpd not properly clearing\n\t the OpenSSL error queue. This can be exploited to close concurrent\n\t SSL connections of lighttpd by terminating one SSL connection.\n\n", "published": "2008-04-02T00:00:00", "modified": "2008-04-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html", "reporter": "FreeBSD", "references": ["http://secunia.com/advisories/29649", "http://trac.lighttpd.net/trac/ticket/285"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2018-08-31T01:15:35", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T01:15:35", "references": [{"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.3", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lighttpd", "packageVersion": "1.4.19_1"}]}, "lastseen": "2018-08-31T01:15:35", "differentElements": ["cvss"], "edition": 3}, {"bulletin": {"id": "1AC77649-0908-11DD-974D-000FEA2763CE", "vendorId": null, "hash": "c261121349abaabc832d8a43f1e66f7bbaf969515a40a6cbb08f59c5a6fdedde", "type": "freebsd", "bulletinFamily": "unix", "title": "lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability", "description": "\nSecunia reports:\n\nA vulnerability has been reported in lighttpd, which can be\n\t exploited by malicious people to cause a DoS (Denial of\n\t Service).\nThe vulnerability is caused due to lighttpd not properly clearing\n\t the OpenSSL error queue. This can be exploited to close concurrent\n\t SSL connections of lighttpd by terminating one SSL connection.\n\n", "published": "2008-04-02T00:00:00", "modified": "2008-04-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html", "reporter": "FreeBSD", "references": ["http://secunia.com/advisories/29649", "http://trac.lighttpd.net/trac/ticket/285"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2019-05-29T18:34:27", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-05-29T18:34:27", "references": [{"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["UB:CVE-2008-1531"], "type": "ubuntucve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2019-05-29T18:34:27", "rev": 2, "value": 5.8, "vector": "NONE"}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lighttpd", "packageVersion": "1.4.19_1"}]}, "lastseen": "2019-05-29T18:34:27", "differentElements": ["cvss2"], "edition": 4}, {"bulletin": {"id": "1AC77649-0908-11DD-974D-000FEA2763CE", "vendorId": null, "hash": "f6791c24ccdcdade9e1359ca99f5faa0", "type": "freebsd", "bulletinFamily": "unix", "title": "lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability", "description": "\nSecunia reports:\n\nA vulnerability has been reported in lighttpd, which can be\n\t exploited by malicious people to cause a DoS (Denial of\n\t Service).\nThe vulnerability is caused due to lighttpd not properly clearing\n\t the OpenSSL error queue. This can be exploited to close concurrent\n\t SSL connections of lighttpd by terminating one SSL connection.\n\n", "published": "2008-04-02T00:00:00", "modified": "2008-04-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html", "reporter": "FreeBSD", "references": ["http://secunia.com/advisories/29649", "http://trac.lighttpd.net/trac/ticket/285"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-07-28T14:52:36", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:60808"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-07-28T14:52:36", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-07-28T14:52:36", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lighttpd", "packageVersion": "1.4.19_1"}]}, "lastseen": "2021-07-28T14:52:36", "differentElements": ["description"], "edition": 5}], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "fedora", "idList": ["FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200804-08.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3376.NASL", "FEDORA_2008-3343.NASL", "4698.PRM", "FEDORA_2008-4119.NASL", "LIGHTTPD_1_4_20.NASL", "DEBIAN_DSA-1540.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:61364", "OPENVAS:60786", "OPENVAS:60834", "OPENVAS:860683", "OPENVAS:60808", "OPENVAS:860849", "OPENVAS:860205", "OPENVAS:60793"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2022-01-19T16:03:50", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2022-01-19T16:03:50", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "packageVersion": "1.4.19_1", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lighttpd"}], "_object_type": "robots.models.freebsd.FreebsdBulletin", "_object_types": ["robots.models.freebsd.FreebsdBulletin", "robots.models.base.Bulletin"]}], "fedora": [{"id": "FEDORA:M4HMRUMQ016877", "hash": "b20eeaa4e6fb1e65264352ae5c959d0d799035187ae5a346007762c795844e49", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 9 Update: lighttpd-1.4.19-4.fc9", "description": "Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make it the perfect webserver-software for every server that is suffering load problems. Available rpmbuild rebuild options : --with : gamin webdavprops webdavlocks memcache --without : ldap gdbm lua (cml) ", "published": "2008-05-17T22:28:22", "modified": "2008-05-17T22:28:22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2008-1531"], "lastseen": "2020-12-21T08:17:49", "history": [{"bulletin": {"bulletinFamily": "unix", "cvelist": ["CVE-2008-1531"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "description": "Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make it the perfect webserver-software for every server that is suffering load problems. Available rpmbuild rebuild options : --with : gamin webdavprops webdavlocks memcache --without : ldap gdbm lua (cml) ", "edition": 1, "enchantments": {"dependencies": {"modified": "2020-12-21T08:17:49", "references": [{"idList": ["FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["UB:CVE-2008-1531"], "type": "ubuntucve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-12-21T08:17:49", "rev": 2, "value": 6.1, "vector": "NONE"}}, "hash": "8850743dfbf83f0fb16b51f5617ad8d169bfb3ad2545394515d26ec4ffa6b68b", "hashmap": [{"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "f06e43fbc40f0b6e7152246aa0ff7a65", "key": "description"}, {"hash": "3eaa65ed53fa155bc675536a4529a5f1", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "f12528995e5edd96b95dd904444dea04", "key": "reporter"}, {"hash": "8a053050743f8eaab24d10f345d8244e", "key": "modified"}, {"hash": "8a053050743f8eaab24d10f345d8244e", "key": "published"}, {"hash": "442546ea185fa9a15f8132fd6d17ce8b", "key": "cvelist"}, {"hash": "e11c718b99e26b1ca8b45f2df455c70b", "key": "type"}], "history": [], "href": "", "id": "FEDORA:M4HMRUMQ016877", "immutableFields": [], "lastseen": "2020-12-21T08:17:49", "modified": "2008-05-17T22:28:22", "objectVersion": "1.5", "published": "2008-05-17T22:28:22", "references": [], "reporter": "Fedora", "title": "[SECURITY] Fedora 9 Update: lighttpd-1.4.19-4.fc9", "type": "fedora", "viewCount": 0}, "different_elements": ["cvss2"], "edition": 1, "lastseen": "2020-12-21T08:17:49"}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:60808"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}, {"type": "fedora", "idList": ["FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}], "modified": "2020-12-21T08:17:49", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2020-12-21T08:17:49", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "Fedora", "OSVersion": "9", "arch": "any", "packageName": "lighttpd", "packageVersion": "1.4.19", "packageFilename": "UNKNOWN", "operator": "lt"}], "_object_type": "robots.models.fedora.FedoraBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.fedora.FedoraBulletin"], "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "442546ea185fa9a15f8132fd6d17ce8b"}, {"key": "cvss", "hash": "741b18e744e3f37108cd8c3f4a1c6ef7"}, {"key": "cvss2", "hash": "497bc610268b9555b01688437435adc2"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "f06e43fbc40f0b6e7152246aa0ff7a65"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8a053050743f8eaab24d10f345d8244e"}, {"key": "published", "hash": "8a053050743f8eaab24d10f345d8244e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "f12528995e5edd96b95dd904444dea04"}, {"key": "title", "hash": "3eaa65ed53fa155bc675536a4529a5f1"}, {"key": "type", "hash": "e11c718b99e26b1ca8b45f2df455c70b"}], "scheme": null}, {"id": "FEDORA:M3TLCX57031009", "hash": "73c0f657ee90f8bb788585e7e43b20b44345f85d3a53b99893504916505be347", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 8 Update: lighttpd-1.4.19-4.fc8", "description": "Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make it the perfect webserver-software for every server that is suffering load problems. Available rpmbuild rebuild options : --with : gamin webdavprops webdavlocks memcache --without : ldap gdbm lua (cml) ", "published": "2008-04-29T20:57:25", "modified": "2008-04-29T20:57:25", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2008-0983", "CVE-2008-1111", "CVE-2008-1531"], "lastseen": "2020-12-21T08:17:49", "history": [{"bulletin": {"bulletinFamily": "unix", "cvelist": ["CVE-2008-1531", "CVE-2008-1111", "CVE-2008-0983"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "description": "Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make it the perfect webserver-software for every server that is suffering load problems. Available rpmbuild rebuild options : --with : gamin webdavprops webdavlocks memcache --without : ldap gdbm lua (cml) ", "edition": 1, "enchantments": {"dependencies": {"modified": "2020-12-21T08:17:49", "references": [{"idList": ["FEDORA:M26GBUVJ013264", "FEDORA:M26GA81O013031", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["SSV:3182", "SSV:2987"], "type": "seebug"}, {"idList": ["CVE-2008-1531", "CVE-2008-1111", "CVE-2008-0983"], "type": "cve"}, {"idList": ["SECURITYVULNS:VULN:8763", "SECURITYVULNS:VULN:8732", "SECURITYVULNS:DOC:19307", "SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540", "SECURITYVULNS:DOC:19359"], "type": "securityvulns"}, {"idList": ["UB:CVE-2008-1531", "UB:CVE-2008-0983", "UB:CVE-2008-1111"], "type": "ubuntucve"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1513-1:EC932", "DEBIAN:DSA-1609-1:32609"], "type": "debian"}, {"idList": ["GLSA-200804-08", "GLSA-200803-10"], "type": "gentoo"}, {"idList": ["OPENVAS:860293", "OPENVAS:61364", "OPENVAS:60499", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683", "OPENVAS:60513", "OPENVAS:860246"], "type": "openvas"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "SUSE_LIGHTTPD-5107.NASL", "DEBIAN_DSA-1513.NASL", "LIGHTTPD_1_4_19.NASL", "FEDORA_2008-2262.NASL", "FEDORA_2008-3343.NASL", "GENTOO_GLSA-200803-10.NASL", "FEDORA_2008-2278.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-12-21T08:17:49", "rev": 2, "value": 6.1, "vector": "NONE"}}, "hash": "23375b027d3f27b69a21136d11e2cff6584f086ce16adbf7ad18480ec6f44c30", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "318baa6fac1daca4531bdeba8edb6c2c", "key": "modified"}, {"hash": "a1c18ce213d65f2a066b6c34cf18800e", "key": "title"}, {"hash": "a26842a678b3e6e24b32b0c812697467", "key": "cvelist"}, {"hash": "f06e43fbc40f0b6e7152246aa0ff7a65", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "f12528995e5edd96b95dd904444dea04", "key": "reporter"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "318baa6fac1daca4531bdeba8edb6c2c", "key": "published"}, {"hash": "e11c718b99e26b1ca8b45f2df455c70b", "key": "type"}], "history": [], "href": "", "id": "FEDORA:M3TLCX57031009", "immutableFields": [], "lastseen": "2020-12-21T08:17:49", "modified": "2008-04-29T20:57:25", "objectVersion": "1.5", "published": "2008-04-29T20:57:25", "references": [], "reporter": "Fedora", "title": "[SECURITY] Fedora 8 Update: lighttpd-1.4.19-4.fc8", "type": "fedora", "viewCount": 0}, "different_elements": ["cvss2"], "edition": 1, "lastseen": "2020-12-21T08:17:49"}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531", "CVE-2008-1111", "CVE-2008-0983"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0983", "UB:CVE-2008-1111", "UB:CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531", "DEBIANCVE:CVE-2008-1111", "DEBIANCVE:CVE-2008-0983"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514", "FEDORA:M26GA81O013031", "FEDORA:M26GBUVJ013264"]}, {"type": "openvas", "idList": ["OPENVAS:61357", "OPENVAS:860293", "OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60513", "OPENVAS:60786", "OPENVAS:860246", "OPENVAS:60499", "OPENVAS:61364", "OPENVAS:60808"]}, {"type": "gentoo", "idList": ["GLSA-200804-08", "GLSA-200803-10"]}, {"type": "nessus", "idList": ["SUSE_LIGHTTPD-5107.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "LIGHTTPD_1_4_19.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "FEDORA_2008-2278.NASL", "4411.PRM", "GENTOO_GLSA-200804-08.NASL", "DEBIAN_DSA-1609.NASL", "4698.PRM", "GENTOO_GLSA-200803-10.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "FEDORA_2008-2262.NASL", "DEBIAN_DSA-1513.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "seebug", "idList": ["SSV:2987", "SSV:3182"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1513-1:EC932", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1609-1:32609"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19307", "SECURITYVULNS:DOC:19359", "SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8763", "SECURITYVULNS:VULN:8732", "SECURITYVULNS:VULN:8849"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}], "modified": "2020-12-21T08:17:49", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2020-12-21T08:17:49", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "Fedora", "OSVersion": "8", "arch": "any", "packageName": "lighttpd", "packageVersion": "1.4.19", "packageFilename": "UNKNOWN", "operator": "lt"}], "_object_type": "robots.models.fedora.FedoraBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.fedora.FedoraBulletin"], "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "a26842a678b3e6e24b32b0c812697467"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "cvss2", "hash": "85fc9715d07b57d9e72056856b007c7b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "f06e43fbc40f0b6e7152246aa0ff7a65"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "318baa6fac1daca4531bdeba8edb6c2c"}, {"key": "published", "hash": "318baa6fac1daca4531bdeba8edb6c2c"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "f12528995e5edd96b95dd904444dea04"}, {"key": "title", "hash": "a1c18ce213d65f2a066b6c34cf18800e"}, {"key": "type", "hash": "e11c718b99e26b1ca8b45f2df455c70b"}], "scheme": null}, {"id": "FEDORA:M3TL8N73030514", "hash": "32c226359a5b4d3c19a3462a43185cb41acfd3c01a6c36fcb417b1107b88057d", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 7 Update: lighttpd-1.4.19-4.fc7", "description": "Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make it the perfect webserver-software for every server that is suffering load problems. Available rpmbuild rebuild options : --with : gamin webdavprops webdavlocks memcache --without : ldap gdbm lua (cml) ", "published": "2008-04-29T20:54:00", "modified": "2008-04-29T20:54:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2008-0983", "CVE-2008-1111", "CVE-2008-1531"], "lastseen": "2020-12-21T08:17:49", "history": [{"bulletin": {"bulletinFamily": "unix", "cvelist": ["CVE-2008-1531", "CVE-2008-1111", "CVE-2008-0983"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "description": "Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make it the perfect webserver-software for every server that is suffering load problems. Available rpmbuild rebuild options : --with : gamin webdavprops webdavlocks memcache --without : ldap gdbm lua (cml) ", "edition": 1, "enchantments": {"dependencies": {"modified": "2020-12-21T08:17:49", "references": [{"idList": ["OPENVAS:860293", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:60499", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:60834", "OPENVAS:860683", "OPENVAS:60513", "OPENVAS:860246"], "type": "openvas"}, {"idList": ["SSV:3182", "SSV:2987"], "type": "seebug"}, {"idList": ["CVE-2008-1531", "CVE-2008-1111", "CVE-2008-0983"], "type": "cve"}, {"idList": ["SECURITYVULNS:VULN:8763", "SECURITYVULNS:VULN:8732", "SECURITYVULNS:DOC:19307", "SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540", "SECURITYVULNS:DOC:19359"], "type": "securityvulns"}, {"idList": ["UB:CVE-2008-1531", "UB:CVE-2008-0983", "UB:CVE-2008-1111"], "type": "ubuntucve"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1513-1:EC932", "DEBIAN:DSA-1609-1:32609"], "type": "debian"}, {"idList": ["GLSA-200804-08", "GLSA-200803-10"], "type": "gentoo"}, {"idList": ["FEDORA:M26GBUVJ013264", "FEDORA:M26GA81O013031", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"], "type": "fedora"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "SUSE_LIGHTTPD-5107.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "DEBIAN_DSA-1513.NASL", "LIGHTTPD_1_4_19.NASL", "FEDORA_2008-2262.NASL", "GENTOO_GLSA-200803-10.NASL", "FEDORA_2008-2278.NASL"], "type": "nessus"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-12-21T08:17:49", "rev": 2, "value": 6.1, "vector": "NONE"}}, "hash": "a8ea13f9b65ac720398a939be5261f9a9a3d2deb603beff0fc353c87b792326d", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "href"}, {"hash": "e5eef9f9c4f0835192f9b7894a0e1dff", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "a26842a678b3e6e24b32b0c812697467", "key": "cvelist"}, {"hash": "f06e43fbc40f0b6e7152246aa0ff7a65", "key": "description"}, {"hash": "6f48ffd306fb925cfa3606d11a422dee", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "f12528995e5edd96b95dd904444dea04", "key": "reporter"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "6f48ffd306fb925cfa3606d11a422dee", "key": "published"}, {"hash": "e11c718b99e26b1ca8b45f2df455c70b", "key": "type"}], "history": [], "href": "", "id": "FEDORA:M3TL8N73030514", "immutableFields": [], "lastseen": "2020-12-21T08:17:49", "modified": "2008-04-29T20:54:00", "objectVersion": "1.5", "published": "2008-04-29T20:54:00", "references": [], "reporter": "Fedora", "title": "[SECURITY] Fedora 7 Update: lighttpd-1.4.19-4.fc7", "type": "fedora", "viewCount": 0}, "different_elements": ["cvss2"], "edition": 1, "lastseen": "2020-12-21T08:17:49"}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531", "CVE-2008-1111", "CVE-2008-0983"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0983", "UB:CVE-2008-1111", "UB:CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531", "DEBIANCVE:CVE-2008-1111", "DEBIANCVE:CVE-2008-0983"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M26GBUVJ013264", "FEDORA:M26GA81O013031"]}, {"type": "openvas", "idList": ["OPENVAS:61357", "OPENVAS:860293", "OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60513", "OPENVAS:60786", "OPENVAS:860246", "OPENVAS:60499", "OPENVAS:61364", "OPENVAS:60808"]}, {"type": "gentoo", "idList": ["GLSA-200804-08", "GLSA-200803-10"]}, {"type": "nessus", "idList": ["SUSE_LIGHTTPD-5107.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "LIGHTTPD_1_4_19.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "FEDORA_2008-2278.NASL", "4411.PRM", "GENTOO_GLSA-200804-08.NASL", "DEBIAN_DSA-1609.NASL", "4698.PRM", "GENTOO_GLSA-200803-10.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "FEDORA_2008-2262.NASL", "DEBIAN_DSA-1513.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19307", "SECURITYVULNS:DOC:19359", "SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8763", "SECURITYVULNS:VULN:8732", "SECURITYVULNS:VULN:8849"]}, {"type": "seebug", "idList": ["SSV:2987", "SSV:3182"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1513-1:EC932", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1609-1:32609"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}], "modified": "2020-12-21T08:17:49", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2020-12-21T08:17:49", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "Fedora", "OSVersion": "7", "arch": "any", "packageName": "lighttpd", "packageVersion": "1.4.19", "packageFilename": "UNKNOWN", "operator": "lt"}], "_object_type": "robots.models.fedora.FedoraBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.fedora.FedoraBulletin"], "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "a26842a678b3e6e24b32b0c812697467"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "cvss2", "hash": "85fc9715d07b57d9e72056856b007c7b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "f06e43fbc40f0b6e7152246aa0ff7a65"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "6f48ffd306fb925cfa3606d11a422dee"}, {"key": "published", "hash": "6f48ffd306fb925cfa3606d11a422dee"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "f12528995e5edd96b95dd904444dea04"}, {"key": "title", "hash": "e5eef9f9c4f0835192f9b7894a0e1dff"}, {"key": "type", "hash": "e11c718b99e26b1ca8b45f2df455c70b"}], "scheme": null}], "nessus": [{"id": "DEBIAN_DSA-1540.NASL", "hash": "39b07ed0e6b44c02fd83113c213935f3", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1540-1 : lighttpd - denial of service", "description": "It was discovered that lighttpd, a fast webserver with minimal memory footprint, didn't correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections.", "published": "2008-04-11T00:00:00", "modified": "2021-01-04T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31810", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "https://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-19T12:25:57", "history": [{"bulletin": {"id": "DEBIAN_DSA-1540.NASL", "hash": "4f4756ee3e2cd24f7f3b319c4c6145d19c58f40c8bf6137473b6768931e0ee5b", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1540-1 : lighttpd - denial of service", "description": "It was discovered that lighttpd, a fast webserver with minimal memory footprint, didn't correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections.", "published": "2008-04-11T00:00:00", "modified": "2018-08-09T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31810", "reporter": "Tenable", "references": ["http://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2018-08-10T17:33:15", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31810", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1540. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31810);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/09 17:06:37\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_xref(name:\"DSA\", value:\"1540\");\n\n script_name(english:\"Debian DSA-1540-1 : lighttpd - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, didn't correctly handle SSL errors. This could allow a\nremote attacker to disconnect all active SSL connections.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2008/dsa-1540\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-doc\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.13-4etch7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-08-10T17:33:15", "differentElements": ["sourceData"], "edition": 1}, {"bulletin": {"id": "DEBIAN_DSA-1540.NASL", "hash": "1c86468a1cddcc9bf6073d1e6551b64b1ec3df6234231c61d7235c13848977d7", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1540-1 : lighttpd - denial of service", "description": "It was discovered that lighttpd, a fast webserver with minimal memory footprint, didn't correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections.", "published": "2008-04-11T00:00:00", "modified": "2018-08-09T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31810", "reporter": "Tenable", "references": ["http://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2018-11-11T08:43:38", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31810", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1540. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31810);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_xref(name:\"DSA\", value:\"1540\");\n\n script_name(english:\"Debian DSA-1540-1 : lighttpd - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, didn't correctly handle SSL errors. This could allow a\nremote attacker to disconnect all active SSL connections.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1540\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-doc\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.13-4etch7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-11-11T08:43:38", "differentElements": ["cvss", "description", "href", "modified", "references", "reporter", "sourceData"], "edition": 2}, {"bulletin": {"id": "DEBIAN_DSA-1540.NASL", "hash": "2272abd6ad31820f32f305f41d50af37013e76395b59bc812809fad19a46a372", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1540-1 : lighttpd - denial of service", "description": "It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, didn", "published": "2008-04-11T00:00:00", "modified": "2020-03-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31810", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-03-17T23:00:15", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-03-17T23:00:15", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL"], "type": "nessus"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}]}, "score": {"modified": "2020-03-17T23:00:15", "value": 5.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31810", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1540. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31810);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:21\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_xref(name:\"DSA\", value:\"1540\");\n\n script_name(english:\"Debian DSA-1540-1 : lighttpd - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, didn't correctly handle SSL errors. This could allow a\nremote attacker to disconnect all active SSL connections.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1540\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-doc\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.13-4etch7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-03-17T23:00:15", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "DEBIAN_DSA-1540.NASL", "hash": "ee0067141072e1bd9d732451bd3b27c8a1f3c3311a427843777b93cfed909fa5", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1540-1 : lighttpd - denial of service", "description": "It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, didn", "published": "2008-04-11T00:00:00", "modified": "2020-07-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31810", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-07-01T01:10:10", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-07-01T01:10:10", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL"], "type": "nessus"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-07-01T01:10:10", "rev": 2, "value": 5.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31810", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1540. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31810);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:21\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_xref(name:\"DSA\", value:\"1540\");\n\n script_name(english:\"Debian DSA-1540-1 : lighttpd - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, didn't correctly handle SSL errors. This could allow a\nremote attacker to disconnect all active SSL connections.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1540\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-doc\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.13-4etch7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-07-01T01:10:10", "differentElements": ["description", "modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "DEBIAN_DSA-1540.NASL", "hash": "26334895cb4661e41c99f617b8d2826905504401e7d62b0243c3716e5b27cd0f", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1540-1 : lighttpd - denial of service", "description": "It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, didn't correctly handle SSL errors. This could allow a\nremote attacker to disconnect all active SSL connections.", "published": "2008-04-11T00:00:00", "modified": "2008-04-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31810", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-01-06T09:45:00", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2021-01-06T09:45:00", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL"], "type": "nessus"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["UB:CVE-2008-1531"], "type": "ubuntucve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2021-01-06T09:45:00", "rev": 2, "value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31810", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1540. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31810);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_xref(name:\"DSA\", value:\"1540\");\n\n script_name(english:\"Debian DSA-1540-1 : lighttpd - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, didn't correctly handle SSL errors. This could allow a\nremote attacker to disconnect all active SSL connections.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1540\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-doc\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.13-4etch7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-06T09:45:00", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "DEBIAN_DSA-1540.NASL", "hash": "c570f9ecd6eeb02a435a9bb4ed77945d", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1540-1 : lighttpd - denial of service", "description": "It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, didn't correctly handle SSL errors. This could allow a\nremote attacker to disconnect all active SSL connections.", "published": "2008-04-11T00:00:00", "modified": "2008-04-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31810", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-07-28T23:02:00", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "nessus", "idList": ["LIGHTTPD_1_4_20.NASL", "FEDORA_2008-3343.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "GENTOO_GLSA-200804-08.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514", "FEDORA:M3TLCX57031009"]}, {"type": "openvas", "idList": ["OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:60808", "OPENVAS:60786", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:860849"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-3:02F0A"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-07-28T23:02:00", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-07-28T23:02:00", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31810", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1540. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31810);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_xref(name:\"DSA\", value:\"1540\");\n\n script_name(english:\"Debian DSA-1540-1 : lighttpd - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, didn't correctly handle SSL errors. This could allow a\nremote attacker to disconnect all active SSL connections.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1540\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-doc\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.13-4etch7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T23:02:00", "differentElements": ["cvss2", "cvss3", "description", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 6}, {"bulletin": {"id": "DEBIAN_DSA-1540.NASL", "hash": "16fbb3facc113b89c332aa1ff2515a37", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-1540-1 : lighttpd - denial of service", "description": "It was discovered that lighttpd, a fast webserver with minimal memory footprint, didn't correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections.", "published": "2008-04-11T00:00:00", "modified": "2021-01-04T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31810", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "https://www.debian.org/security/2008/dsa-1540"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-12T13:14:12", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60808", "OPENVAS:60786", "OPENVAS:61364", "OPENVAS:860683"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}, {"type": "nessus", "idList": ["FEDORA_2008-4119.NASL", "GENTOO_GLSA-200804-08.NASL", "FEDORA_2008-3376.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "LIGHTTPD_1_4_20.NASL", "SUSE_LIGHTTPD-5216.NASL", "4698.PRM", "FEDORA_2008-3343.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-08-12T13:14:12", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-08-12T13:14:12", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31810", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1540. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31810);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_xref(name:\"DSA\", value:\"1540\");\n\n script_name(english:\"Debian DSA-1540-1 : lighttpd - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, didn't correctly handle SSL errors. This could allow a\nremote attacker to disconnect all active SSL connections.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1540\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-doc\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.13-4etch7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:lighttpd", "cpe:/o:debian:debian_linux:4.0"], "solution": "Upgrade the lighttpd package.\n\nFor the stable distribution (etch), this problem has been fixed in version 1.4.13-4etch7.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-04-07T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-12T13:14:12", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:60808"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "nessus", "idList": ["FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-08-19T12:25:57", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-08-19T12:25:57", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31810", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1540. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31810);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_xref(name:\"DSA\", value:\"1540\");\n\n script_name(english:\"Debian DSA-1540-1 : lighttpd - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, didn't correctly handle SSL errors. This could allow a\nremote attacker to disconnect all active SSL connections.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1540\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-doc\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.13-4etch7\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.13-4etch7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:lighttpd", "cpe:/o:debian:debian_linux:4.0"], "solution": "Upgrade the lighttpd package.\n\nFor the stable distribution (etch), this problem has been fixed in version 1.4.13-4etch7.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-04-07T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "FEDORA_2008-3376.NASL", "hash": "af622ea0a1e0deb8cc7cfd1b35fbbd12", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)", "description": "This update fixes a bug where a user could kill another user's SSL connection by killing his own, because the SSL error queue wasn't cleared properly.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-05-01T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/32100", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "http://www.nessus.org/u?514ba8fe"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-19T13:10:42", "history": [{"bulletin": {"id": "FEDORA_2008-3376.NASL", "hash": "7b51a47ef8df88e10a5c3c3b9ef1372113dbdaffc24516f08ceacd9bc5547b63", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)", "description": "This update fixes a bug where a user could kill another user's SSL connection by killing his own, because the SSL error queue wasn't cleared properly.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-05-01T00:00:00", "modified": "2015-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=32100", "reporter": "Tenable", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?514ba8fe"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2017-10-29T13:45:13", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32100", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3376.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32100);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:13:39 $\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3376\");\n\n script_name(english:\"Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009612.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?514ba8fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"lighttpd-1.4.19-4.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2017-10-29T13:45:13", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 1}, {"bulletin": {"id": "FEDORA_2008-3376.NASL", "hash": "dd980fa753a2d363bb892e9d574b5d8f4f0f24b00d282bf539cb543eb3e1240f", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)", "description": "This update fixes a bug where a user could kill another user", "published": "2008-05-01T00:00:00", "modified": "2020-07-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32100", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?514ba8fe"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-07-01T01:24:45", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2020-07-01T01:24:45", "references": [{"idList": ["FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-07-01T01:24:45", "rev": 2, "value": 6.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32100", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3376.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32100);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3376\");\n\n script_name(english:\"Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009612.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?514ba8fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"lighttpd-1.4.19-4.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-07-01T01:24:45", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "FEDORA_2008-3376.NASL", "hash": "f978188aaedb24f8a3f2c29a216b34b250769dc468354ab35018e1b7a54ccf67", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)", "description": "This update fixes a bug where a user could kill another user", "published": "2008-05-01T00:00:00", "modified": "2020-09-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32100", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?514ba8fe"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-09-04T01:40:17", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2020-09-04T01:40:17", "references": [{"idList": ["FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-09-04T01:40:17", "rev": 2, "value": 6.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32100", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3376.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32100);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3376\");\n\n script_name(english:\"Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009612.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?514ba8fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"lighttpd-1.4.19-4.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-09-04T01:40:17", "differentElements": ["description", "modified"], "edition": 3}, {"bulletin": {"id": "FEDORA_2008-3376.NASL", "hash": "55f422658b8361eb157355e69d65732f4c112779d50be533c6676a4e238a8622", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)", "description": "This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-05-01T00:00:00", "modified": "2020-12-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32100", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?514ba8fe"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-12-01T10:07:27", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2020-12-01T10:07:27", "references": [{"idList": ["FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-12-01T10:07:27", "rev": 2, "value": 5.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32100", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3376.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32100);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3376\");\n\n script_name(english:\"Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009612.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?514ba8fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"lighttpd-1.4.19-4.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-12-01T10:07:27", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "FEDORA_2008-3376.NASL", "hash": "30e171d60df56bf34189d3a1f4fde23e0d9ff5ce450f9a0e4f05db57e738922d", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)", "description": "This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-05-01T00:00:00", "modified": "2008-05-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32100", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?514ba8fe"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-01-12T10:06:30", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2021-01-12T10:06:30", "references": [{"idList": ["FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["UB:CVE-2008-1531"], "type": "ubuntucve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2021-01-12T10:06:30", "rev": 2, "value": 5.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32100", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3376.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32100);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3376\");\n\n script_name(english:\"Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009612.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?514ba8fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"lighttpd-1.4.19-4.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-12T10:06:30", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "FEDORA_2008-3376.NASL", "hash": "4d687f5e443aff2e5d17487b11593fea", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)", "description": "This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-05-01T00:00:00", "modified": "2008-05-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32100", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?514ba8fe"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-07-28T23:25:02", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-3:02F0A"]}, {"type": "nessus", "idList": ["LIGHTTPD_1_4_20.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "GENTOO_GLSA-200804-08.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:60808", "OPENVAS:60786", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:860849"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514", "FEDORA:M3TLCX57031009"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-07-28T23:25:02", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-07-28T23:25:02", "rev": 2}}, "objectVersion": "1.6", "pluginID": "32100", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3376.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32100);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3376\");\n\n script_name(english:\"Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009612.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?514ba8fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"lighttpd-1.4.19-4.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T23:25:02", "differentElements": ["cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 6}, {"bulletin": {"id": "FEDORA_2008-3376.NASL", "hash": "d0d811e8c8cbf247e787eb8f6c60ef91", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)", "description": "This update fixes a bug where a user could kill another user's SSL connection by killing his own, because the SSL error queue wasn't cleared properly.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-05-01T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/32100", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?514ba8fe", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "https://bugzilla.redhat.com/show_bug.cgi?id=439066"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-12T13:14:03", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60808", "OPENVAS:60786", "OPENVAS:61364", "OPENVAS:860683"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877"]}, {"type": "nessus", "idList": ["FEDORA_2008-4119.NASL", "GENTOO_GLSA-200804-08.NASL", "DEBIAN_DSA-1540.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "LIGHTTPD_1_4_20.NASL", "SUSE_LIGHTTPD-5216.NASL", "4698.PRM", "FEDORA_2008-3343.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-08-12T13:14:03", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-08-12T13:14:03", "rev": 2}}, "objectVersion": "1.6", "pluginID": "32100", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3376.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32100);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3376\");\n\n script_name(english:\"Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009612.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?514ba8fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"lighttpd-1.4.19-4.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:8"], "solution": "Update the affected lighttpd package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2008-04-29T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-12T13:14:03", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:60808"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-08-19T13:10:42", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-08-19T13:10:42", "rev": 2}}, "objectVersion": "1.6", "pluginID": "32100", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3376.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32100);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3376\");\n\n script_name(english:\"Fedora 8 : lighttpd-1.4.19-4.fc8 (2008-3376)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009612.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?514ba8fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"lighttpd-1.4.19-4.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:8"], "solution": "Update the affected lighttpd package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2008-04-29T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "hash": "e638d75d4001d906b1882c0247332ad2", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)", "description": "Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the OpenSSL error queue. This can be exploited to close concurrent SSL connections of lighttpd by terminating one SSL connection.", "published": "2008-04-17T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31953", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?54c267ec", "http://trac.lighttpd.net/trac/ticket/285", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-19T13:10:53", "history": [{"bulletin": {"id": "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "hash": "4dc7613e3e7534efa370401049a10e4a766236bf9a5f9d38c6ee0e7ec9d554c4", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)", "description": "Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.", "published": "2008-04-17T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31953", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?54c267ec", "http://trac.lighttpd.net/trac/ticket/285"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2019-11-01T02:37:09", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-11-01T02:37:09", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}]}, "score": {"modified": "2019-11-01T02:37:09", "value": 5.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31953", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31953);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:39\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"Secunia\", value:\"29649\");\n\n script_name(english:\"FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.lighttpd.net/trac/ticket/285\"\n );\n # https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54c267ec\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lighttpd<1.4.19_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-11-01T02:37:09", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "hash": "2a27f7671a85bd3429132d8bd5527cad0bba74fdb0eaa185081d506e92fdea2c", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)", "description": "Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.", "published": "2008-04-17T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31953", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?54c267ec", "http://trac.lighttpd.net/trac/ticket/285"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2019-12-13T07:27:18", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-12-13T07:27:18", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}]}, "score": {"modified": "2019-12-13T07:27:18", "value": 5.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31953", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31953);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:39\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"Secunia\", value:\"29649\");\n\n script_name(english:\"FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.lighttpd.net/trac/ticket/285\"\n );\n # https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54c267ec\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lighttpd<1.4.19_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-12-13T07:27:18", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "hash": "238749c6b93240ee52fa95e12ef46cbc091441c7e530b2772cb629ad9d40391b", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)", "description": "Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.", "published": "2008-04-17T00:00:00", "modified": "2020-01-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31953", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?54c267ec", "http://trac.lighttpd.net/trac/ticket/285"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-01-01T07:39:45", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-01-01T07:39:45", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}]}, "score": {"modified": "2020-01-01T07:39:45", "value": 5.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31953", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31953);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:39\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"Secunia\", value:\"29649\");\n\n script_name(english:\"FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.lighttpd.net/trac/ticket/285\"\n );\n # https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54c267ec\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lighttpd<1.4.19_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-01-01T07:39:45", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "hash": "2a7652734bbcc346f7a6a732f34bb3e1148b4fc061530555234648e883bc4aed", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)", "description": "Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.", "published": "2008-04-17T00:00:00", "modified": "2020-04-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31953", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?54c267ec", "http://trac.lighttpd.net/trac/ticket/285"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-04-01T00:04:34", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-04-01T00:04:34", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-04-01T00:04:34", "rev": 2, "value": 5.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31953", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31953);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:39\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"Secunia\", value:\"29649\");\n\n script_name(english:\"FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.lighttpd.net/trac/ticket/285\"\n );\n # https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54c267ec\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lighttpd<1.4.19_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-04-01T00:04:34", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "hash": "536702554b36d9bbd6cea39ee2ab36878fceb01f47fe66de0564abbeffb36a2c", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)", "description": "Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.", "published": "2008-04-17T00:00:00", "modified": "2008-04-17T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31953", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?54c267ec", "http://trac.lighttpd.net/trac/ticket/285"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-01-07T10:40:13", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2021-01-07T10:40:13", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["UB:CVE-2008-1531"], "type": "ubuntucve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2021-01-07T10:40:13", "rev": 2, "value": 5.2, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31953", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31953);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"Secunia\", value:\"29649\");\n\n script_name(english:\"FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.lighttpd.net/trac/ticket/285\"\n );\n # https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54c267ec\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lighttpd<1.4.19_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-07T10:40:13", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "hash": "49e5004ca16f01821ba8837ed15f58dd", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)", "description": "Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.", "published": "2008-04-17T00:00:00", "modified": "2008-04-17T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31953", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?54c267ec", "http://trac.lighttpd.net/trac/ticket/285"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-07-29T00:05:29", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "nessus", "idList": ["LIGHTTPD_1_4_20.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "FEDORA_2008-4119.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-3343.NASL", "4698.PRM", "FEDORA_2008-3376.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}, {"type": "openvas", "idList": ["OPENVAS:60786", "OPENVAS:860849", "OPENVAS:60834", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:60808", "OPENVAS:860205", "OPENVAS:61364"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-07-29T00:05:29", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2021-07-29T00:05:29", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31953", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31953);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"Secunia\", value:\"29649\");\n\n script_name(english:\"FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.lighttpd.net/trac/ticket/285\"\n );\n # https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54c267ec\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lighttpd<1.4.19_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T00:05:29", "differentElements": ["cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "hash": "f150cb9e88828c35f176558388269456", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)", "description": "Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the OpenSSL error queue. This can be exploited to close concurrent SSL connections of lighttpd by terminating one SSL connection.", "published": "2008-04-17T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31953", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://trac.lighttpd.net/trac/ticket/285", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "http://www.nessus.org/u?54c267ec"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-12T13:13:57", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60808", "OPENVAS:60786", "OPENVAS:61364", "OPENVAS:860683"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}, {"type": "nessus", "idList": ["FEDORA_2008-4119.NASL", "GENTOO_GLSA-200804-08.NASL", "FEDORA_2008-3376.NASL", "DEBIAN_DSA-1540.NASL", "LIGHTTPD_1_4_20.NASL", "SUSE_LIGHTTPD-5216.NASL", "4698.PRM", "FEDORA_2008-3343.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-08-12T13:13:57", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2021-08-12T13:13:57", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31953", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31953);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"Secunia\", value:\"29649\");\n\n script_name(english:\"FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.lighttpd.net/trac/ticket/285\"\n );\n # https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54c267ec\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lighttpd<1.4.19_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:lighttpd", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2008-04-13T00:00:00", "vulnerabilityPublicationDate": "2008-04-02T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-12T13:13:57", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:60808"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-08-19T13:10:53", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2021-08-19T13:10:53", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31953", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31953);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"Secunia\", value:\"29649\");\n\n script_name(english:\"FreeBSD : lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability (1ac77649-0908-11dd-974d-000fea2763ce)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA vulnerability has been reported in lighttpd, which can be exploited\nby malicious people to cause a DoS (Denial of Service).\n\nThe vulnerability is caused due to lighttpd not properly clearing the\nOpenSSL error queue. This can be exploited to close concurrent SSL\nconnections of lighttpd by terminating one SSL connection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.lighttpd.net/trac/ticket/285\"\n );\n # https://vuxml.freebsd.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54c267ec\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lighttpd<1.4.19_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:lighttpd", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2008-04-13T00:00:00", "vulnerabilityPublicationDate": "2008-04-02T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "FEDORA_2008-3343.NASL", "hash": "65e2ce21dd08106b0718f9e74170e486", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)", "description": "This update fixes a bug where a user could kill another user's SSL connection by killing his own, because the SSL error queue wasn't cleared properly.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-05-01T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/32094", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?1fcb60f4", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-19T13:10:40", "history": [{"bulletin": {"id": "FEDORA_2008-3343.NASL", "hash": "5a01d6e7967d6f376ced541d76568bb52c00cfbb32458060e26a8ad4dcee70a9", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)", "description": "This update fixes a bug where a user could kill another user's SSL connection by killing his own, because the SSL error queue wasn't cleared properly.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-05-01T00:00:00", "modified": "2015-10-21T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=32094", "reporter": "Tenable", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?1fcb60f4"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2018-08-30T19:46:49", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32094", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3343.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32094);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:13:39 $\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3343\");\n\n script_name(english:\"Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009587.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fcb60f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"lighttpd-1.4.19-4.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-08-30T19:46:49", "differentElements": ["cvss", "modified", "sourceData"], "edition": 1}, {"bulletin": {"id": "FEDORA_2008-3343.NASL", "hash": "a1535f2de189341e54ec179f2aadfe06b84b5ffd806136266db04f49f6485a65", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)", "description": "This update fixes a bug where a user could kill another user's SSL connection by killing his own, because the SSL error queue wasn't cleared properly.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-05-01T00:00:00", "modified": "2018-11-28T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=32094", "reporter": "Tenable", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?1fcb60f4"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2018-11-29T19:32:18", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32094", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3343.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32094);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/11/28 22:47:42\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3343\");\n\n script_name(english:\"Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009587.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fcb60f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"lighttpd-1.4.19-4.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-11-29T19:32:18", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 2}, {"bulletin": {"id": "FEDORA_2008-3343.NASL", "hash": "2ce9e2653a783d71cf3405f37bdcfd27bcb35bf14518d0376b0da08ffdc4a76a", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)", "description": "This update fixes a bug where a user could kill another user", "published": "2008-05-01T00:00:00", "modified": "2020-05-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32094", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?1fcb60f4"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-05-03T02:16:07", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-05-03T02:16:07", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-05-03T02:16:07", "rev": 2, "value": 6.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32094", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3343.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32094);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3343\");\n\n script_name(english:\"Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009587.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fcb60f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"lighttpd-1.4.19-4.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-05-03T02:16:07", "differentElements": ["description", "modified", "reporter", "sourceData"], "edition": 3}, {"bulletin": {"id": "FEDORA_2008-3343.NASL", "hash": "2d895569ae3331ffd0e3c953a38a8fa44d40a3225bff3616654b356132b9424f", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)", "description": "This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-05-01T00:00:00", "modified": "2008-05-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32094", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?1fcb60f4"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-01-12T10:06:30", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-01-12T10:06:30", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["UB:CVE-2008-1531"], "type": "ubuntucve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2021-01-12T10:06:30", "rev": 2, "value": 5.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32094", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3343.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32094);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3343\");\n\n script_name(english:\"Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009587.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fcb60f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"lighttpd-1.4.19-4.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-12T10:06:30", "differentElements": ["cvss2"], "edition": 4}, {"bulletin": {"id": "FEDORA_2008-3343.NASL", "hash": "047943cc345cdcf560304d9f28578b2b", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)", "description": "This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-05-01T00:00:00", "modified": "2008-05-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32094", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?1fcb60f4"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-07-28T23:25:02", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-3:02F0A"]}, {"type": "nessus", "idList": ["LIGHTTPD_1_4_20.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "GENTOO_GLSA-200804-08.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:60808", "OPENVAS:60786", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:860849"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514", "FEDORA:M3TLCX57031009"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-07-28T23:25:02", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-07-28T23:25:02", "rev": 2}}, "objectVersion": "1.6", "pluginID": "32094", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3343.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32094);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3343\");\n\n script_name(english:\"Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009587.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fcb60f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"lighttpd-1.4.19-4.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T23:25:02", "differentElements": ["cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 5}, {"bulletin": {"id": "FEDORA_2008-3343.NASL", "hash": "a4d2e85e9662c19bb9db0f60613f925e", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)", "description": "This update fixes a bug where a user could kill another user's SSL connection by killing his own, because the SSL error queue wasn't cleared properly.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-05-01T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/32094", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?1fcb60f4", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "https://bugzilla.redhat.com/show_bug.cgi?id=439066"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-12T13:13:59", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60808", "OPENVAS:60786", "OPENVAS:61364", "OPENVAS:860683"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "fedora", "idList": ["FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "nessus", "idList": ["FEDORA_2008-4119.NASL", "GENTOO_GLSA-200804-08.NASL", "FEDORA_2008-3376.NASL", "DEBIAN_DSA-1540.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "LIGHTTPD_1_4_20.NASL", "SUSE_LIGHTTPD-5216.NASL", "4698.PRM"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-08-12T13:13:59", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-08-12T13:13:59", "rev": 2}}, "objectVersion": "1.6", "pluginID": "32094", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3343.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32094);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3343\");\n\n script_name(english:\"Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009587.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fcb60f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"lighttpd-1.4.19-4.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:7"], "solution": "Update the affected lighttpd package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2008-04-29T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-12T13:13:59", "differentElements": ["nessusSeverity"], "edition": 6}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60786", "OPENVAS:61364", "OPENVAS:60808"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-08-19T13:10:40", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-08-19T13:10:40", "rev": 2}}, "objectVersion": "1.6", "pluginID": "32094", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3343.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32094);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-3343\");\n\n script_name(english:\"Fedora 7 : lighttpd-1.4.19-4.fc7 (2008-3343)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009587.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fcb60f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"lighttpd-1.4.19-4.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:7"], "solution": "Update the affected lighttpd package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2008-04-29T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "SUSE_LIGHTTPD-5216.NASL", "hash": "299bdd3d9ee81f75f68509fd5f533bdb", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : lighttpd (lighttpd-5216)", "description": "An error in one SSL connection could lead to termination of all SSL connections (CVE-2008-1531)", "published": "2008-05-02T00:00:00", "modified": "2021-01-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/32129", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-19T13:10:34", "history": [{"bulletin": {"id": "SUSE_LIGHTTPD-5216.NASL", "hash": "4b21692ac72ec946adefb3d182fe0643accc6cb366e955905fd29b2c51c57f51", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : lighttpd (lighttpd-5216)", "description": "An error in one SSL connection could lead to termination of all SSL connections (CVE-2008-1531)", "published": "2008-05-02T00:00:00", "modified": "2014-06-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=32129", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2018-09-01T23:33:48", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32129", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update lighttpd-5216.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32129);\n script_version (\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:31:02 $\");\n\n script_cve_id(\"CVE-2008-1531\");\n\n script_name(english:\"openSUSE 10 Security Update : lighttpd (lighttpd-5216)\");\n script_summary(english:\"Check for the lighttpd-5216 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An error in one SSL connection could lead to termination of all SSL\nconnections (CVE-2008-1531)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_cml-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_mysql_vhost-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_rrdtool-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_webdav-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_cml-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_magnet-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_mysql_vhost-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_rrdtool-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_webdav-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_cml-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_magnet-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_mysql_vhost-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_rrdtool-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_webdav-1.4.18-1.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-mod_cml / lighttpd-mod_mysql_vhost / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-09-01T23:33:48", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 1}, {"bulletin": {"id": "SUSE_LIGHTTPD-5216.NASL", "hash": "e797013c5d5bab9bbfabaffcaed7d38d6d33dd62cc28eb12e5751ec13db32661", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : lighttpd (lighttpd-5216)", "description": "An error in one SSL connection could lead to termination of all SSL\nconnections (CVE-2008-1531)", "published": "2008-05-02T00:00:00", "modified": "2020-04-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32129", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-04-01T03:08:18", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-04-01T03:08:18", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-04-01T03:08:18", "rev": 2, "value": 5.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32129", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update lighttpd-5216.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32129);\n script_version (\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-1531\");\n\n script_name(english:\"openSUSE 10 Security Update : lighttpd (lighttpd-5216)\");\n script_summary(english:\"Check for the lighttpd-5216 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An error in one SSL connection could lead to termination of all SSL\nconnections (CVE-2008-1531)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_cml-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_mysql_vhost-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_rrdtool-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_webdav-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_cml-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_magnet-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_mysql_vhost-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_rrdtool-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_webdav-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_cml-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_magnet-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_mysql_vhost-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_rrdtool-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_webdav-1.4.18-1.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-mod_cml / lighttpd-mod_mysql_vhost / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-04-01T03:08:18", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "SUSE_LIGHTTPD-5216.NASL", "hash": "5e327d73b0d0e2e236abb39b6272f16ca7cdf1003d373b8759c4762b13f48917", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : lighttpd (lighttpd-5216)", "description": "An error in one SSL connection could lead to termination of all SSL\nconnections (CVE-2008-1531)", "published": "2008-05-02T00:00:00", "modified": "2020-06-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32129", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-06-01T04:46:47", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-06-01T04:46:47", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-06-01T04:46:47", "rev": 2, "value": 5.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32129", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update lighttpd-5216.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32129);\n script_version (\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-1531\");\n\n script_name(english:\"openSUSE 10 Security Update : lighttpd (lighttpd-5216)\");\n script_summary(english:\"Check for the lighttpd-5216 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An error in one SSL connection could lead to termination of all SSL\nconnections (CVE-2008-1531)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_cml-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_mysql_vhost-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_rrdtool-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_webdav-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_cml-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_magnet-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_mysql_vhost-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_rrdtool-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_webdav-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_cml-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_magnet-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_mysql_vhost-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_rrdtool-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_webdav-1.4.18-1.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-mod_cml / lighttpd-mod_mysql_vhost / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-06-01T04:46:47", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "SUSE_LIGHTTPD-5216.NASL", "hash": "9a3b6c0c729d7e29d1fb8fb7d8dfc971cedcd5fc2f3659baa5e6eb766fb6f9db", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : lighttpd (lighttpd-5216)", "description": "An error in one SSL connection could lead to termination of all SSL\nconnections (CVE-2008-1531)", "published": "2008-05-02T00:00:00", "modified": "2020-12-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32129", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-12-01T15:01:43", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-12-01T15:01:43", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-12-01T15:01:43", "rev": 2, "value": 5.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32129", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update lighttpd-5216.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32129);\n script_version (\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-1531\");\n\n script_name(english:\"openSUSE 10 Security Update : lighttpd (lighttpd-5216)\");\n script_summary(english:\"Check for the lighttpd-5216 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An error in one SSL connection could lead to termination of all SSL\nconnections (CVE-2008-1531)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_cml-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_mysql_vhost-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_rrdtool-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_webdav-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_cml-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_magnet-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_mysql_vhost-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_rrdtool-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_webdav-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_cml-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_magnet-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_mysql_vhost-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_rrdtool-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_webdav-1.4.18-1.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-mod_cml / lighttpd-mod_mysql_vhost / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-12-01T15:01:43", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "SUSE_LIGHTTPD-5216.NASL", "hash": "8baa10a6bafcd532be8c50ee475e8df940a6678eb1dfce7aaf7ac345b4b8d5bd", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : lighttpd (lighttpd-5216)", "description": "An error in one SSL connection could lead to termination of all SSL\nconnections (CVE-2008-1531)", "published": "2008-05-02T00:00:00", "modified": "2008-05-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32129", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-01-17T14:46:33", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-01-17T14:46:33", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["UB:CVE-2008-1531"], "type": "ubuntucve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2021-01-17T14:46:33", "rev": 2, "value": 5.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32129", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update lighttpd-5216.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32129);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1531\");\n\n script_name(english:\"openSUSE 10 Security Update : lighttpd (lighttpd-5216)\");\n script_summary(english:\"Check for the lighttpd-5216 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An error in one SSL connection could lead to termination of all SSL\nconnections (CVE-2008-1531)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_cml-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_mysql_vhost-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_rrdtool-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_webdav-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_cml-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_magnet-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_mysql_vhost-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_rrdtool-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_webdav-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_cml-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_magnet-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_mysql_vhost-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_rrdtool-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_webdav-1.4.18-1.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-mod_cml / lighttpd-mod_mysql_vhost / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-17T14:46:33", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "SUSE_LIGHTTPD-5216.NASL", "hash": "5f5f1efefa8963717ec6d513542083bd", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : lighttpd (lighttpd-5216)", "description": "An error in one SSL connection could lead to termination of all SSL\nconnections (CVE-2008-1531)", "published": "2008-05-02T00:00:00", "modified": "2008-05-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32129", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-07-29T21:47:33", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:60834", "OPENVAS:60793", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:860683", "OPENVAS:860849", "OPENVAS:60808", "OPENVAS:860205"]}, {"type": "nessus", "idList": ["FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "DEBIAN_DSA-1540.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3343.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-07-29T21:47:33", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-07-29T21:47:33", "rev": 2}}, "objectVersion": "1.6", "pluginID": "32129", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update lighttpd-5216.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32129);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1531\");\n\n script_name(english:\"openSUSE 10 Security Update : lighttpd (lighttpd-5216)\");\n script_summary(english:\"Check for the lighttpd-5216 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An error in one SSL connection could lead to termination of all SSL\nconnections (CVE-2008-1531)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_cml-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_mysql_vhost-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_rrdtool-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_webdav-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_cml-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_magnet-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_mysql_vhost-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_rrdtool-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_webdav-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_cml-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_magnet-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_mysql_vhost-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_rrdtool-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_webdav-1.4.18-1.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-mod_cml / lighttpd-mod_mysql_vhost / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T21:47:33", "differentElements": ["cvss2", "cvss3", "description", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 6}, {"bulletin": {"id": "SUSE_LIGHTTPD-5216.NASL", "hash": "7e5e7e84e67c7295416d391dc671b7f6", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : lighttpd (lighttpd-5216)", "description": "An error in one SSL connection could lead to termination of all SSL connections (CVE-2008-1531)", "published": "2008-05-02T00:00:00", "modified": "2021-01-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/32129", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-12T13:14:07", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60808", "OPENVAS:60786", "OPENVAS:61364", "OPENVAS:860683"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}, {"type": "nessus", "idList": ["FEDORA_2008-4119.NASL", "GENTOO_GLSA-200804-08.NASL", "FEDORA_2008-3376.NASL", "DEBIAN_DSA-1540.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "LIGHTTPD_1_4_20.NASL", "4698.PRM", "FEDORA_2008-3343.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-08-12T13:14:07", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-08-12T13:14:07", "rev": 2}}, "objectVersion": "1.6", "pluginID": "32129", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update lighttpd-5216.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32129);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1531\");\n\n script_name(english:\"openSUSE 10 Security Update : lighttpd (lighttpd-5216)\");\n script_summary(english:\"Check for the lighttpd-5216 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An error in one SSL connection could lead to termination of all SSL\nconnections (CVE-2008-1531)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_cml-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_mysql_vhost-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_rrdtool-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_webdav-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_cml-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_magnet-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_mysql_vhost-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_rrdtool-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_webdav-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_cml-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_magnet-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_mysql_vhost-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_rrdtool-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_webdav-1.4.18-1.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-mod_cml / lighttpd-mod_mysql_vhost / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "solution": "Update the affected lighttpd packages.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-04-27T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-12T13:14:07", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:60808"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "LIGHTTPD_1_4_20.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-08-19T13:10:34", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-08-19T13:10:34", "rev": 2}}, "objectVersion": "1.6", "pluginID": "32129", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update lighttpd-5216.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32129);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1531\");\n\n script_name(english:\"openSUSE 10 Security Update : lighttpd (lighttpd-5216)\");\n script_summary(english:\"Check for the lighttpd-5216 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An error in one SSL connection could lead to termination of all SSL\nconnections (CVE-2008-1531)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_cml-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_mysql_vhost-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_rrdtool-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"lighttpd-mod_webdav-1.4.10-11.23\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_cml-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_magnet-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_mysql_vhost-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_rrdtool-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"lighttpd-mod_webdav-1.4.13-41.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_cml-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_magnet-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_mysql_vhost-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_rrdtool-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.18-1.5\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"lighttpd-mod_webdav-1.4.18-1.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-mod_cml / lighttpd-mod_mysql_vhost / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "solution": "Update the affected lighttpd packages.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-04-27T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "FEDORA_2008-4119.NASL", "hash": "ba895504cbd18e394c6c1305d730cef1", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)", "description": "This update fixes a bug where a user could kill another user's SSL connection by killing his own, because the SSL error queue wasn't cleared properly.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-05-20T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/32386", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?dfe3e18d", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-19T13:10:43", "history": [{"bulletin": {"id": "FEDORA_2008-4119.NASL", "hash": "feaf68d15feed4f5299de98037b241ed12d864f4f5d50ab790677e5425db046e", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)", "description": "This update fixes a bug where a user could kill another user's SSL connection by killing his own, because the SSL error queue wasn't cleared properly.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-05-20T00:00:00", "modified": "2015-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=32386", "reporter": "Tenable", "references": ["http://www.nessus.org/u?dfe3e18d", "https://bugzilla.redhat.com/show_bug.cgi?id=439066"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2018-09-01T23:52:30", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32386", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-4119.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32386);\n script_version (\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:23:15 $\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-4119\");\n\n script_name(english:\"Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/010087.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfe3e18d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"lighttpd-1.4.19-4.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:9"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-09-01T23:52:30", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 1}, {"bulletin": {"id": "FEDORA_2008-4119.NASL", "hash": "12857dccba51aa5e184b9f16450c32c54086bdd263b6d57f99fc2216cc794285", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)", "description": "This update fixes a bug where a user could kill another user", "published": "2008-05-20T00:00:00", "modified": "2020-01-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32386", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?dfe3e18d", "https://bugzilla.redhat.com/show_bug.cgi?id=439066"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-01-01T07:06:26", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-01-01T07:06:26", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["FEDORA_2008-3376.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}]}, "score": {"modified": "2020-01-01T07:06:26", "value": 6.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32386", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-4119.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32386);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-4119\");\n\n script_name(english:\"Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/010087.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfe3e18d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"lighttpd-1.4.19-4.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:9"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-01-01T07:06:26", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "FEDORA_2008-4119.NASL", "hash": "ee659866418696dfe1418881745ff979be24419b893c234ff8c85efa97c18da4", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)", "description": "This update fixes a bug where a user could kill another user", "published": "2008-05-20T00:00:00", "modified": "2020-07-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32386", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?dfe3e18d", "https://bugzilla.redhat.com/show_bug.cgi?id=439066"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-07-01T01:24:45", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-07-01T01:24:45", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["FEDORA_2008-3376.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-07-01T01:24:45", "rev": 2, "value": 6.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32386", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-4119.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32386);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-4119\");\n\n script_name(english:\"Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/010087.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfe3e18d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"lighttpd-1.4.19-4.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:9"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-07-01T01:24:45", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "FEDORA_2008-4119.NASL", "hash": "084c2900a66f0bb7c5da65c289db542994646bdff348438d482c87948012530a", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)", "description": "This update fixes a bug where a user could kill another user", "published": "2008-05-20T00:00:00", "modified": "2020-08-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32386", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?dfe3e18d", "https://bugzilla.redhat.com/show_bug.cgi?id=439066"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-08-01T01:35:27", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-08-01T01:35:27", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["FEDORA_2008-3376.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-08-01T01:35:27", "rev": 2, "value": 6.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32386", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-4119.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32386);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-4119\");\n\n script_name(english:\"Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/010087.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfe3e18d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"lighttpd-1.4.19-4.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:9"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-08-01T01:35:27", "differentElements": ["description", "modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "FEDORA_2008-4119.NASL", "hash": "2605041dc2f18460061b5985cd8347141ab2df99fbd8ea97be4ce37cad83dc77", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)", "description": "This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-05-20T00:00:00", "modified": "2008-05-20T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32386", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?dfe3e18d", "https://bugzilla.redhat.com/show_bug.cgi?id=439066"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-01-12T10:06:32", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-01-12T10:06:32", "references": [{"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["FEDORA_2008-3376.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["UB:CVE-2008-1531"], "type": "ubuntucve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2021-01-12T10:06:32", "rev": 2, "value": 5.6, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "32386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-4119.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32386);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-4119\");\n\n script_name(english:\"Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/010087.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfe3e18d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"lighttpd-1.4.19-4.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:9"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-12T10:06:32", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "FEDORA_2008-4119.NASL", "hash": "9adfcb57ea5764c5a563a136485eb03e", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)", "description": "This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2008-05-20T00:00:00", "modified": "2008-05-20T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/32386", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?dfe3e18d", "https://bugzilla.redhat.com/show_bug.cgi?id=439066"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-07-28T23:25:07", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "openvas", "idList": ["OPENVAS:60834", "OPENVAS:60793", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:860683", "OPENVAS:860849", "OPENVAS:60808", "OPENVAS:860205"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "nessus", "idList": ["SUSE_LIGHTTPD-5216.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "DEBIAN_DSA-1540.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-07-28T23:25:07", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-07-28T23:25:07", "rev": 2}}, "objectVersion": "1.6", "pluginID": "32386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-4119.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32386);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-4119\");\n\n script_name(english:\"Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/010087.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfe3e18d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"lighttpd-1.4.19-4.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:9"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T23:25:07", "differentElements": ["cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 6}, {"bulletin": {"id": "FEDORA_2008-4119.NASL", "hash": "385107a75ae22316b93dae23d2ff99cd", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)", "description": "This update fixes a bug where a user could kill another user's SSL connection by killing his own, because the SSL error queue wasn't cleared properly.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-05-20T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/32386", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "https://bugzilla.redhat.com/show_bug.cgi?id=439066", "http://www.nessus.org/u?dfe3e18d"], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-12T13:13:37", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60808", "OPENVAS:60786", "OPENVAS:61364", "OPENVAS:860683"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200804-08.NASL", "FEDORA_2008-3376.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "DEBIAN_DSA-1540.NASL", "LIGHTTPD_1_4_20.NASL", "SUSE_LIGHTTPD-5216.NASL", "4698.PRM", "FEDORA_2008-3343.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-08-12T13:13:37", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-08-12T13:13:37", "rev": 2}}, "objectVersion": "1.6", "pluginID": "32386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-4119.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32386);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-4119\");\n\n script_name(english:\"Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/010087.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfe3e18d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"lighttpd-1.4.19-4.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:9"], "solution": "Update the affected lighttpd package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2008-05-17T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-12T13:13:37", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:60808"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-08-19T13:10:43", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-08-19T13:10:43", "rev": 2}}, "objectVersion": "1.6", "pluginID": "32386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-4119.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32386);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_xref(name:\"FEDORA\", value:\"2008-4119\");\n\n script_name(english:\"Fedora 9 : lighttpd-1.4.19-4.fc9 (2008-4119)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a bug where a user could kill another user's SSL\nconnection by killing his own, because the SSL error queue wasn't\ncleared properly.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=439066\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/010087.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfe3e18d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"lighttpd-1.4.19-4.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:9"], "solution": "Update the affected lighttpd package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2008-05-17T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "GENTOO_GLSA-200804-08.NASL", "hash": "bc0294099189f8009d86b7f2cab14f87", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200804-08 : lighttpd: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200804-08 (lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in mod_userdir in lighttpd. When userdir.path is not set the default value used is $HOME. It should be noted that the 'nobody' user's $HOME is '/' (CVE-2008-1270). An error also exists in the SSL connection code which can be triggered when a user prematurely terminates his connection (CVE-2008-1531).\n Impact :\n\n A remote attacker could exploit the first vulnerability to read arbitrary files. The second vulnerability can be exploited by a remote attacker to cause a Denial of Service by terminating a victim's SSL connection.\n Workaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a sensible value, e.g. 'public_html'.", "published": "2008-04-17T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31955", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200804-08", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1270"], "cvelist": ["CVE-2008-1270", "CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-19T13:10:48", "history": [{"bulletin": {"id": "GENTOO_GLSA-200804-08.NASL", "hash": "1eb617ff5de704825a3d46998bd5cbe8d1f4e5a28df7fa3392ecd1894be55528", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200804-08 : lighttpd: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the ", "published": "2008-04-17T00:00:00", "modified": "2020-02-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31955", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200804-08"], "cvelist": ["CVE-2008-1531", "CVE-2008-1270"], "immutableFields": [], "lastseen": "2020-02-01T07:54:55", "history": [], "viewCount": 13, "enchantments": {"dependencies": {"modified": "2020-02-01T07:54:55", "references": [{"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60573", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}, {"idList": ["EDB-ID:31396"], "type": "exploitdb"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1521-1:A2F86", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["CVE-2008-1531", "CVE-2008-1270"], "type": "cve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "SUSE_LIGHTTPD-5107.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "LIGHTTPD_1_4_19.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL", "DEBIAN_DSA-1521.NASL"], "type": "nessus"}]}, "score": {"modified": "2020-02-01T07:54:55", "value": 6.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31955", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31955);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2008-1270\", \"CVE-2008-1531\");\n script_xref(name:\"GLSA\", value:\"200804-08\");\n\n script_name(english:\"GLSA-200804-08 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the 'nobody' user's $HOME is '/'\n (CVE-2008-1270). An error also exists in the SSL connection code which\n can be triggered when a user prematurely terminates his connection\n (CVE-2008-1531).\n \nImpact :\n\n A remote attacker could exploit the first vulnerability to read\n arbitrary files. The second vulnerability can be exploited by a remote\n attacker to cause a Denial of Service by terminating a victim's SSL\n connection.\n \nWorkaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a\n sensible value, e.g. 'public_html'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.19-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.19-r2\"), vulnerable:make_list(\"lt 1.4.19-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-02-01T07:54:55", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "GENTOO_GLSA-200804-08.NASL", "hash": "58fa568116af2a3654c2c904c08dea52c88da9e0a9f807e41a7ec45527e3e275", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200804-08 : lighttpd: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the ", "published": "2008-04-17T00:00:00", "modified": "2020-06-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31955", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200804-08"], "cvelist": ["CVE-2008-1531", "CVE-2008-1270"], "immutableFields": [], "lastseen": "2020-06-01T02:09:51", "history": [], "viewCount": 13, "enchantments": {"dependencies": {"modified": "2020-06-01T02:09:51", "references": [{"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60573", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}, {"idList": ["EDB-ID:31396"], "type": "exploitdb"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1521-1:A2F86", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["CVE-2008-1531", "CVE-2008-1270"], "type": "cve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "SUSE_LIGHTTPD-5107.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "LIGHTTPD_1_4_19.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL", "DEBIAN_DSA-1521.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-06-01T02:09:51", "rev": 2, "value": 6.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31955", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31955);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2008-1270\", \"CVE-2008-1531\");\n script_xref(name:\"GLSA\", value:\"200804-08\");\n\n script_name(english:\"GLSA-200804-08 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the 'nobody' user's $HOME is '/'\n (CVE-2008-1270). An error also exists in the SSL connection code which\n can be triggered when a user prematurely terminates his connection\n (CVE-2008-1531).\n \nImpact :\n\n A remote attacker could exploit the first vulnerability to read\n arbitrary files. The second vulnerability can be exploited by a remote\n attacker to cause a Denial of Service by terminating a victim's SSL\n connection.\n \nWorkaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a\n sensible value, e.g. 'public_html'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.19-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.19-r2\"), vulnerable:make_list(\"lt 1.4.19-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-06-01T02:09:51", "differentElements": ["description", "modified"], "edition": 2}, {"bulletin": {"id": "GENTOO_GLSA-200804-08.NASL", "hash": "0631aa8852125e0f09bfa0dc0075caefa67221f078229fe82663992aaf6b7dd3", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200804-08 : lighttpd: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the 'nobody' user's $HOME is '/'\n (CVE-2008-1270). An error also exists in the SSL connection code which\n can be triggered when a user prematurely terminates his connection\n (CVE-2008-1531).\n \nImpact :\n\n A remote attacker could exploit the first vulnerability to read\n arbitrary files. The second vulnerability can be exploited by a remote\n attacker to cause a Denial of Service by terminating a victim's SSL\n connection.\n \nWorkaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a\n sensible value, e.g. 'public_html'.", "published": "2008-04-17T00:00:00", "modified": "2020-10-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31955", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200804-08"], "cvelist": ["CVE-2008-1531", "CVE-2008-1270"], "immutableFields": [], "lastseen": "2020-10-01T06:43:00", "history": [], "viewCount": 13, "enchantments": {"dependencies": {"modified": "2020-10-01T06:43:00", "references": [{"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60573", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}, {"idList": ["EDB-ID:31396"], "type": "exploitdb"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1521-1:A2F86", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["CVE-2008-1531", "CVE-2008-1270"], "type": "cve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "SUSE_LIGHTTPD-5107.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "LIGHTTPD_1_4_19.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL", "DEBIAN_DSA-1521.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-10-01T06:43:00", "rev": 2, "value": 6.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31955", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31955);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2008-1270\", \"CVE-2008-1531\");\n script_xref(name:\"GLSA\", value:\"200804-08\");\n\n script_name(english:\"GLSA-200804-08 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the 'nobody' user's $HOME is '/'\n (CVE-2008-1270). An error also exists in the SSL connection code which\n can be triggered when a user prematurely terminates his connection\n (CVE-2008-1531).\n \nImpact :\n\n A remote attacker could exploit the first vulnerability to read\n arbitrary files. The second vulnerability can be exploited by a remote\n attacker to cause a Denial of Service by terminating a victim's SSL\n connection.\n \nWorkaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a\n sensible value, e.g. 'public_html'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.19-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.19-r2\"), vulnerable:make_list(\"lt 1.4.19-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-10-01T06:43:00", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "GENTOO_GLSA-200804-08.NASL", "hash": "ab1ce8dbe3632472043b7d0f657e7b3f2a9a62ebacf2c0c8b6d528ec0654cda6", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200804-08 : lighttpd: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the 'nobody' user's $HOME is '/'\n (CVE-2008-1270). An error also exists in the SSL connection code which\n can be triggered when a user prematurely terminates his connection\n (CVE-2008-1531).\n \nImpact :\n\n A remote attacker could exploit the first vulnerability to read\n arbitrary files. The second vulnerability can be exploited by a remote\n attacker to cause a Denial of Service by terminating a victim's SSL\n connection.\n \nWorkaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a\n sensible value, e.g. 'public_html'.", "published": "2008-04-17T00:00:00", "modified": "2020-12-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31955", "reporter": "This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200804-08"], "cvelist": ["CVE-2008-1531", "CVE-2008-1270"], "immutableFields": [], "lastseen": "2020-12-01T11:00:34", "history": [], "viewCount": 14, "enchantments": {"dependencies": {"modified": "2020-12-01T11:00:34", "references": [{"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60573", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}, {"idList": ["EDB-ID:31396"], "type": "exploitdb"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1521-1:A2F86", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["CVE-2008-1531", "CVE-2008-1270"], "type": "cve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "SUSE_LIGHTTPD-5107.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "LIGHTTPD_1_4_19.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL", "DEBIAN_DSA-1521.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-12-01T11:00:34", "rev": 2, "value": 6.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31955", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31955);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2008-1270\", \"CVE-2008-1531\");\n script_xref(name:\"GLSA\", value:\"200804-08\");\n\n script_name(english:\"GLSA-200804-08 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the 'nobody' user's $HOME is '/'\n (CVE-2008-1270). An error also exists in the SSL connection code which\n can be triggered when a user prematurely terminates his connection\n (CVE-2008-1531).\n \nImpact :\n\n A remote attacker could exploit the first vulnerability to read\n arbitrary files. The second vulnerability can be exploited by a remote\n attacker to cause a Denial of Service by terminating a victim's SSL\n connection.\n \nWorkaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a\n sensible value, e.g. 'public_html'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.19-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.19-r2\"), vulnerable:make_list(\"lt 1.4.19-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-12-01T11:00:34", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "GENTOO_GLSA-200804-08.NASL", "hash": "3f380f8a8a1a6d865378e23d4ca42f8cdec871460ad923b550cbd5f0543a3b5b", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200804-08 : lighttpd: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the 'nobody' user's $HOME is '/'\n (CVE-2008-1270). An error also exists in the SSL connection code which\n can be triggered when a user prematurely terminates his connection\n (CVE-2008-1531).\n \nImpact :\n\n A remote attacker could exploit the first vulnerability to read\n arbitrary files. The second vulnerability can be exploited by a remote\n attacker to cause a Denial of Service by terminating a victim's SSL\n connection.\n \nWorkaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a\n sensible value, e.g. 'public_html'.", "published": "2008-04-17T00:00:00", "modified": "2008-04-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31955", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200804-08"], "cvelist": ["CVE-2008-1531", "CVE-2008-1270"], "immutableFields": [], "lastseen": "2021-01-07T10:52:20", "history": [], "viewCount": 14, "enchantments": {"dependencies": {"modified": "2021-01-07T10:52:20", "references": [{"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60573", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}, {"idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["UB:CVE-2008-1531", "UB:CVE-2008-1270"], "type": "ubuntucve"}, {"idList": ["EDB-ID:31396"], "type": "exploitdb"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1521-1:A2F86", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["CVE-2008-1531", "CVE-2008-1270"], "type": "cve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "SUSE_LIGHTTPD-5107.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "LIGHTTPD_1_4_19.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL", "DEBIAN_DSA-1521.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2021-01-07T10:52:20", "rev": 2, "value": 6.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "31955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31955);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1270\", \"CVE-2008-1531\");\n script_xref(name:\"GLSA\", value:\"200804-08\");\n\n script_name(english:\"GLSA-200804-08 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the 'nobody' user's $HOME is '/'\n (CVE-2008-1270). An error also exists in the SSL connection code which\n can be triggered when a user prematurely terminates his connection\n (CVE-2008-1531).\n \nImpact :\n\n A remote attacker could exploit the first vulnerability to read\n arbitrary files. The second vulnerability can be exploited by a remote\n attacker to cause a Denial of Service by terminating a victim's SSL\n connection.\n \nWorkaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a\n sensible value, e.g. 'public_html'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.19-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.19-r2\"), vulnerable:make_list(\"lt 1.4.19-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-07T10:52:20", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "GENTOO_GLSA-200804-08.NASL", "hash": "cccd0a8a6146e3a33849cb2086edbf34", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200804-08 : lighttpd: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the 'nobody' user's $HOME is '/'\n (CVE-2008-1270). An error also exists in the SSL connection code which\n can be triggered when a user prematurely terminates his connection\n (CVE-2008-1531).\n \nImpact :\n\n A remote attacker could exploit the first vulnerability to read\n arbitrary files. The second vulnerability can be exploited by a remote\n attacker to cause a Denial of Service by terminating a victim's SSL\n connection.\n \nWorkaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a\n sensible value, e.g. 'public_html'.", "published": "2008-04-17T00:00:00", "modified": "2008-04-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/31955", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200804-08"], "cvelist": ["CVE-2008-1531", "CVE-2008-1270"], "immutableFields": [], "lastseen": "2021-07-29T00:18:54", "history": [], "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531", "CVE-2008-1270"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1270", "UB:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:61364", "OPENVAS:860849", "OPENVAS:860205", "OPENVAS:60808", "OPENVAS:60834", "OPENVAS:60786", "OPENVAS:860683", "OPENVAS:60793", "OPENVAS:60573"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}, {"type": "exploitdb", "idList": ["EDB-ID:31396"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1521-1:A2F86", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "LIGHTTPD_1_4_20.NASL", "SUSE_LIGHTTPD-5107.NASL", "SUSE_LIGHTTPD-5216.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_19.NASL", "DEBIAN_DSA-1521.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3343.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}], "modified": "2021-07-29T00:18:54", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-07-29T00:18:54", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31955);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1270\", \"CVE-2008-1531\");\n script_xref(name:\"GLSA\", value:\"200804-08\");\n\n script_name(english:\"GLSA-200804-08 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the 'nobody' user's $HOME is '/'\n (CVE-2008-1270). An error also exists in the SSL connection code which\n can be triggered when a user prematurely terminates his connection\n (CVE-2008-1531).\n \nImpact :\n\n A remote attacker could exploit the first vulnerability to read\n arbitrary files. The second vulnerability can be exploited by a remote\n attacker to cause a Denial of Service by terminating a victim's SSL\n connection.\n \nWorkaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a\n sensible value, e.g. 'public_html'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.19-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.19-r2\"), vulnerable:make_list(\"lt 1.4.19-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T00:18:54", "differentElements": ["cvss2", "cvss3", "description", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 6}, {"bulletin": {"id": "GENTOO_GLSA-200804-08.NASL", "hash": "c38d00cae9ac02faf2cb4c37bbcfb853", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-200804-08 : lighttpd: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200804-08 (lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in mod_userdir in lighttpd. When userdir.path is not set the default value used is $HOME. It should be noted that the 'nobody' user's $HOME is '/' (CVE-2008-1270). An error also exists in the SSL connection code which can be triggered when a user prematurely terminates his connection (CVE-2008-1531).\n Impact :\n\n A remote attacker could exploit the first vulnerability to read arbitrary files. The second vulnerability can be exploited by a remote attacker to cause a Denial of Service by terminating a victim's SSL connection.\n Workaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a sensible value, e.g. 'public_html'.", "published": "2008-04-17T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/31955", "reporter": "This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200804-08", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1270"], "cvelist": ["CVE-2008-1270", "CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-08-12T13:14:07", "history": [], "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1270", "CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531", "UB:CVE-2008-1270"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60808", "OPENVAS:60786", "OPENVAS:60573", "OPENVAS:61364", "OPENVAS:860683"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}, {"type": "exploitdb", "idList": ["EDB-ID:31396"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1521-1:A2F86", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "nessus", "idList": ["FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "4411.PRM", "DEBIAN_DSA-1540.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "SUSE_LIGHTTPD-5216.NASL", "SUSE_LIGHTTPD-5107.NASL", "LIGHTTPD_1_4_19.NASL", "DEBIAN_DSA-1521.NASL", "FEDORA_2008-3343.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}], "modified": "2021-08-12T13:14:07", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-08-12T13:14:07", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31955);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1270\", \"CVE-2008-1531\");\n script_xref(name:\"GLSA\", value:\"200804-08\");\n\n script_name(english:\"GLSA-200804-08 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the 'nobody' user's $HOME is '/'\n (CVE-2008-1270). An error also exists in the SSL connection code which\n can be triggered when a user prematurely terminates his connection\n (CVE-2008-1531).\n \nImpact :\n\n A remote attacker could exploit the first vulnerability to read\n arbitrary files. The second vulnerability can be exploited by a remote\n attacker to cause a Denial of Service by terminating a victim's SSL\n connection.\n \nWorkaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a\n sensible value, e.g. 'public_html'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.19-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.19-r2\"), vulnerable:make_list(\"lt 1.4.19-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:lighttpd", "cpe:/o:gentoo:linux"], "solution": "All lighttpd users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.19-r2'", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-04-10T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-12T13:14:07", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531", "CVE-2008-1270"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531", "UB:CVE-2008-1270"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1270", "DEBIANCVE:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60808", "OPENVAS:860849", "OPENVAS:60573", "OPENVAS:60786", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60793"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1521-1:A2F86", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "nessus", "idList": ["FEDORA_2008-3376.NASL", "4411.PRM", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL", "SUSE_LIGHTTPD-5107.NASL", "FEDORA_2008-4119.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "SUSE_LIGHTTPD-5216.NASL", "DEBIAN_DSA-1521.NASL", "LIGHTTPD_1_4_19.NASL", "LIGHTTPD_1_4_20.NASL"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "seebug", "idList": ["SSV:3182"]}], "modified": "2021-08-19T13:10:48", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-08-19T13:10:48", "rev": 2}}, "objectVersion": "1.6", "pluginID": "31955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200804-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31955);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1270\", \"CVE-2008-1531\");\n script_xref(name:\"GLSA\", value:\"200804-08\");\n\n script_name(english:\"GLSA-200804-08 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200804-08\n(lighttpd: Multiple vulnerabilities)\n\n Julien Cayzax discovered that an insecure default setting exists in\n mod_userdir in lighttpd. When userdir.path is not set the default value\n used is $HOME. It should be noted that the 'nobody' user's $HOME is '/'\n (CVE-2008-1270). An error also exists in the SSL connection code which\n can be triggered when a user prematurely terminates his connection\n (CVE-2008-1531).\n \nImpact :\n\n A remote attacker could exploit the first vulnerability to read\n arbitrary files. The second vulnerability can be exploited by a remote\n attacker to cause a Denial of Service by terminating a victim's SSL\n connection.\n \nWorkaround :\n\n As a workaround for CVE-2008-1270 you can set userdir.path to a\n sensible value, e.g. 'public_html'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200804-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.19-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.19-r2\"), vulnerable:make_list(\"lt 1.4.19-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:lighttpd", "cpe:/o:gentoo:linux"], "solution": "All lighttpd users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.19-r2'", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2008-04-10T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "4698.PRM", "hash": "b604480ad094940ac300f7201e65c17f", "type": "nessus", "bulletinFamily": "scanner", "title": "lighttpd < 1.4.20 Multiple Vulnerabilities", "description": "According to its banner, the version of lighttpd installed on the remote host is older than 1.4.20. Such versions may be affected by several issues, including :\n\n - SSL connections could be shut down by a remote attacker.\n - URL rewrite and redirect patterns can be circumvented by encoding.\n - mod_userdir does not sanitize URLs, which could lead to an information disclosure on case insensitive file systems e.g. http://example.com/~user/file.PHP would get the source code of file.php, instead of running the script.\n - The server leaks memory when it processes duplicate headers. This could lead to a denial of service by resource exhaustion.", "published": "2008-10-03T00:00:00", "modified": "2019-03-06T00:00:00", "cvss": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "href": "https://www.tenable.com/plugins/nnm/4698", "reporter": "Tenable", "references": ["http://trac.lighttpd.net/trac/ticket/1720", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360", "http://trac.lighttpd.net/trac/ticket/1774", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298", "http://trac.lighttpd.net/trac/ticket/285", "http://www.lighttpd.net", "http://trac.lighttpd.net/trac/ticket/1589", "http://www.lighttpd.net/2008/9/30/1-4-20-Otherwise-the-terrorists-win", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531"], "cvelist": ["CVE-2008-4360", "CVE-2008-1531", "CVE-2008-4359", "CVE-2008-4298"], "immutableFields": [], "lastseen": "2021-08-19T13:09:29", "history": [{"bulletin": {"id": "4698.PRM", "hash": "a2ab5464fe484361feb7193dfbb74fc4", "type": "nessus", "bulletinFamily": "scanner", "title": "lighttpd < 1.4.20 Multiple Vulnerabilities", "description": "According to its banner, the version of lighttpd installed on the remote host is older than 1.4.20. Such versions may be affected by several issues, including :\n\n - SSL connections could be shut down by a remote attacker.\n - URL rewrite and redirect patterns can be circumvented by encoding.\n - mod_userdir does not sanitize URLs, which could lead to an information disclosure on case insensitive file systems e.g. http://example.com/~user/file.PHP would get the source code of file.php, instead of running the script.\n - The server leaks memory when it processes duplicate headers. This could lead to a denial of service by resource exhaustion.", "published": "2008-10-03T00:00:00", "modified": "2019-03-06T00:00:00", "cvss": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "href": "https://www.tenable.com/plugins/nnm/4698", "reporter": "Tenable", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359", "http://trac.lighttpd.net/trac/ticket/1720", "http://www.lighttpd.net/2008/9/30/1-4-20-Otherwise-the-terrorists-win", "http://trac.lighttpd.net/trac/ticket/1774", "http://www.lighttpd.net", "http://trac.lighttpd.net/trac/ticket/1589", "http://trac.lighttpd.net/trac/ticket/285", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360"], "cvelist": ["CVE-2008-4360", "CVE-2008-1531", "CVE-2008-4359", "CVE-2008-4298"], "immutableFields": [], "lastseen": "2021-08-11T14:40:48", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_11_1_LIGHTTPD-091123.NASL", "GENTOO_GLSA-200812-04.NASL", "LIGHTTPD_1_4_20.NASL", "FEDORA_2008-11923.NASL", "SUSE_11_0_LIGHTTPD-091123.NASL", "DEBIAN_DSA-1645.NASL", "FREEBSD_PKG_FB911E318CEB11DDBB29000C6E274733.NASL", "SUSE_11_0_LIGHTTPD-081114.NASL", "SUSE_LIGHTTPD-5785.NASL", "FEDORA_2008-3343.NASL"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-4360", "UB:CVE-2008-4298", "UB:CVE-2008-1531", "UB:CVE-2008-4359"]}, {"type": "cve", "idList": ["CVE-2008-4360", "CVE-2008-4359", "CVE-2008-1531", "CVE-2008-4298"]}, {"type": "openvas", "idList": ["OPENVAS:60793", "OPENVAS:1361412562310100449", "OPENVAS:136141256231063385", "OPENVAS:61943", "OPENVAS:63385", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:61701", "OPENVAS:60786", "OPENVAS:61364"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9336", "SECURITYVULNS:DOC:20660", "SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE", "FB911E31-8CEB-11DD-BB29-000C6E274733"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:38F25208515", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1645-1:0211A", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "gentoo", "idList": ["GLSA-200812-04", "GLSA-200804-08"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2008-4359/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4360/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4298/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4298/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4360/", "MSF:ILITIES/SUSE-CVE-2008-4360/", "MSF:ILITIES/SUSE-CVE-2008-4359/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4359/", "MSF:ILITIES/SUSE-CVE-2008-4298/"]}, {"type": "seebug", "idList": ["SSV:3182", "SSV:4168", "SSV:4167"]}], "modified": "2021-08-11T14:40:48", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-08-11T14:40:48", "rev": 2}}, "objectVersion": "1.6", "pluginID": "4698", "sourceData": "Binary data 4698.prm", "naslFamily": "Web Servers", "cpe": ["cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*"], "solution": "Upgrade to version 1.4.20 or higher.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-11T14:40:48", "differentElements": ["nessusSeverity"], "edition": 1}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_LIGHTTPD-5216.NASL", "SUSE_LIGHTTPD-5785.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "FEDORA_2008-11923.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "GENTOO_GLSA-200812-04.NASL", "GENTOO_GLSA-200804-08.NASL", "FREEBSD_PKG_FB911E318CEB11DDBB29000C6E274733.NASL", "SUSE_11_0_LIGHTTPD-081114.NASL", "SUSE_11_0_LIGHTTPD-091123.NASL", "FEDORA_2008-3343.NASL", "SUSE_11_1_LIGHTTPD-091123.NASL", "DEBIAN_DSA-1645.NASL", "LIGHTTPD_1_4_20.NASL"]}, {"type": "cve", "idList": ["CVE-2008-4359", "CVE-2008-4360", "CVE-2008-4298", "CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531", "UB:CVE-2008-4298", "UB:CVE-2008-4360", "UB:CVE-2008-4359"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-4359", "DEBIANCVE:CVE-2008-1531", "DEBIANCVE:CVE-2008-4298", "DEBIANCVE:CVE-2008-4360"]}, {"type": "openvas", "idList": ["OPENVAS:61943", "OPENVAS:860849", "OPENVAS:61701", "OPENVAS:136141256231063385", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:63385", "OPENVAS:1361412562310100449", "OPENVAS:60786", "OPENVAS:61364", "OPENVAS:60808"]}, {"type": "freebsd", "idList": ["FB911E31-8CEB-11DD-BB29-000C6E274733", "1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:38F25208515", "FEDORA:M3TL8N73030514", "FEDORA:M3TLCX57031009"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9336", "SECURITYVULNS:DOC:20660", "SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1645-1:0211A", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "gentoo", "idList": ["GLSA-200804-08", "GLSA-200812-04"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2008-4359/", "MSF:ILITIES/SUSE-CVE-2008-4298/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4298/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4360/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4298/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4359/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4359/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4360/", "MSF:ILITIES/SUSE-CVE-2008-4360/"]}, {"type": "seebug", "idList": ["SSV:4167", "SSV:3182", "SSV:4168"]}], "modified": "2021-08-19T13:09:29", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-08-19T13:09:29", "rev": 2}}, "objectVersion": "1.6", "pluginID": "4698", "sourceData": "Binary data 4698.prm", "naslFamily": "Web Servers", "cpe": ["cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*"], "solution": "Upgrade to version 1.4.20 or higher.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "LIGHTTPD_1_4_20.NASL", "hash": "a913bb0110675914b6ecbd5d7f15b937", "type": "nessus", "bulletinFamily": "scanner", "title": "lighttpd < 1.4.20 Multiple Vulnerabilities", "description": "According to its banner, the version of lighttpd running on the remote host is prior to 1.4.20. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the connection_state_machine() function that is triggered when disconnecting before a download has finished. An unauthenticated, remote attacker can exploit this to cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse() function. An unauthenticated, remote attacker can exploit this, via a large number of requests with duplicate request headers, to cause a denial of service condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing URIs to patterns in url.redirect and url.rewrite configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir due to performing case-sensitive comparisons even on case-insensitive operating systems and file systems. An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2008-10-03T00:00:00", "modified": "2018-07-13T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/34332", "reporter": "This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.", "references": ["https://redmine.lighttpd.net/issues/1589", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "https://redmine.lighttpd.net/issues/285", "https://redmine.lighttpd.net/issues/1774", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298", "http://www.nessus.org/u?3d6f179d"], "cvelist": ["CVE-2008-1531", "CVE-2008-4298", "CVE-2008-4359", "CVE-2008-4360"], "immutableFields": [], "lastseen": "2021-10-16T15:47:27", "history": [{"bulletin": {"id": "LIGHTTPD_1_4_20.NASL", "hash": "34ee2e747d1317f70264b1254eab98c63bc35b97fd567c1babcdf4d32ceb9418", "type": "nessus", "bulletinFamily": "scanner", "title": "lighttpd < 1.4.20 Multiple Vulnerabilities", "description": "According to its banner, the version of lighttpd running on the remote host is prior to 1.4.20. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the connection_state_machine() function that is triggered when disconnecting before a download has finished. An unauthenticated, remote attacker can exploit this to cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse() function. An unauthenticated, remote attacker can exploit this, via a large number of requests with duplicate request headers, to cause a denial of service condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing URIs to patterns in url.redirect and url.rewrite configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir due to performing case-sensitive comparisons even on case-insensitive operating systems and file systems. An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2008-10-03T00:00:00", "modified": "2016-11-23T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=34332", "reporter": "Tenable", "references": ["https://redmine.lighttpd.net/issues/1589", "https://redmine.lighttpd.net/issues/1589", "http://www.nessus.org/u?3d6f179d", "https://redmine.lighttpd.net/issues/1774", "https://redmine.lighttpd.net/issues/285"], "cvelist": ["CVE-2008-4360", "CVE-2008-1531", "CVE-2008-4298", "CVE-2008-4359"], "immutableFields": [], "lastseen": "2017-10-29T13:43:42", "history": [], "viewCount": 10, "enchantments": {"score": {"modified": "2017-10-29T13:43:42", "value": 7.8}}, "objectVersion": "1.6", "pluginID": "34332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34332);\n script_version(\"$Revision: 1.17 $\");\n script_cvs_date(\"$Date: 2016/11/23 20:31:33 $\");\n\n script_cve_id(\"CVE-2008-1531\", \"CVE-2008-4298\", \"CVE-2008-4359\", \"CVE-2008-4360\");\n script_bugtraq_id(28489, 31434, 31599, 31600);\n script_osvdb_id(43788, 48682, 48886, 48889);\n\n script_name(english:\"lighttpd < 1.4.20 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.20. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n connection_state_machine() function that is triggered\n when disconnecting before a download has finished. An\n unauthenticated, remote attacker can exploit this to\n cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse()\n function. An unauthenticated, remote attacker can\n exploit this, via a large number of requests with\n duplicate request headers, to cause a denial of service\n condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing\n URIs to patterns in url.redirect and url.rewrite\n configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir\n due to performing case-sensitive comparisons even on\n case-insensitive operating systems and file systems. An\n unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1774\");\n # http://web.archive.org/web/20120118054919/http://www.lighttpd.net/2008/9/30/1-4-20-otherwise-the-terrorists-win\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6f179d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_keys(\"www/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n# No backport for lighttpd\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (!get_kb_item(\"www/lighttpd\")) exit(0);\n\nport = get_http_port(default:80);\n\nbanner = get_http_banner(port: port);\n\nsrv = egrep(string: banner, icase: 1, pattern: '^Server:[ \\t]*lighttpd');\nif (! srv) exit(0);\n\nsrv = chomp(srv);\nif (srv =~ \"lighttpd/1\\.([0-3]\\.|4\\.([0-9]|[01][0-9])([^0-9]|$))\")\n{\n if (report_verbosity)\n {\n ver = strstr(srv, \"lighttpd/\") - \"lighttpd/\";\n report = strcat(\n '\\n',\n 'lighttpd version ', ver, ' appears to be running on the remote host\\n',\n 'based on the following Server response header :\\n',\n '\\n',\n ' ', srv, '\\n'\n );\n security_hole(port: port, extra: report);\n }\n else\n security_hole(port);\n}\n", "naslFamily": "Web Servers", "cpe": ["cpe:/a:lighttpd:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2017-10-29T13:43:42", "differentElements": ["cvss", "modified", "sourceData"], "edition": 1}, {"bulletin": {"id": "LIGHTTPD_1_4_20.NASL", "hash": "92134f5d4328ccb37caf1bff83f6eb917dab74c28f8450379bfbcc7e7054d5e2", "type": "nessus", "bulletinFamily": "scanner", "title": "lighttpd < 1.4.20 Multiple Vulnerabilities", "description": "According to its banner, the version of lighttpd running on the remote host is prior to 1.4.20. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the connection_state_machine() function that is triggered when disconnecting before a download has finished. An unauthenticated, remote attacker can exploit this to cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse() function. An unauthenticated, remote attacker can exploit this, via a large number of requests with duplicate request headers, to cause a denial of service condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing URIs to patterns in url.redirect and url.rewrite configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir due to performing case-sensitive comparisons even on case-insensitive operating systems and file systems. An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2008-10-03T00:00:00", "modified": "2018-07-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=34332", "reporter": "Tenable", "references": ["https://redmine.lighttpd.net/issues/1589", "https://redmine.lighttpd.net/issues/1589", "http://www.nessus.org/u?3d6f179d", "https://redmine.lighttpd.net/issues/1774", "https://redmine.lighttpd.net/issues/285"], "cvelist": ["CVE-2008-4360", "CVE-2008-1531", "CVE-2008-4298", "CVE-2008-4359"], "immutableFields": [], "lastseen": "2018-11-30T13:40:44", "history": [], "viewCount": 10, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "34332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34332);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/13 15:08:46\");\n\n script_cve_id(\n \"CVE-2008-1531\",\n \"CVE-2008-4298\",\n \"CVE-2008-4359\",\n \"CVE-2008-4360\");\n script_bugtraq_id(\n 28489,\n 31434,\n 31599,\n 31600);\n\n script_name(english:\"lighttpd < 1.4.20 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.20. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n connection_state_machine() function that is triggered\n when disconnecting before a download has finished. An\n unauthenticated, remote attacker can exploit this to\n cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse()\n function. An unauthenticated, remote attacker can\n exploit this, via a large number of requests with\n duplicate request headers, to cause a denial of service\n condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing\n URIs to patterns in url.redirect and url.rewrite\n configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir\n due to performing case-sensitive comparisons even on\n case-insensitive operating systems and file systems. An\n unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1774\");\n # http://web.archive.org/web/20120118054919/http://www.lighttpd.net/2008/9/30/1-4-20-otherwise-the-terrorists-win\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6f179d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lighttpd_detect.nasl\");\n script_require_keys(\"installed_sw/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.20\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Web Servers", "cpe": ["cpe:/a:lighttpd:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-11-30T13:40:44", "differentElements": ["cvss", "cvss3", "description", "href", "modified", "reporter"], "edition": 2}, {"bulletin": {"id": "LIGHTTPD_1_4_20.NASL", "hash": "b9b5fa5ee52be5a6f6b123e0a8c7df5be5b5638d3c6adf57fb95dd5ee1d44dbd", "type": "nessus", "bulletinFamily": "scanner", "title": "lighttpd < 1.4.20 Multiple Vulnerabilities", "description": "According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.20. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n connection_state_machine() function that is triggered\n when disconnecting before a download has finished. An\n unauthenticated, remote attacker can exploit this to\n cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse()\n function. An unauthenticated, remote attacker can\n exploit this, via a large number of requests with\n duplicate request headers, to cause a denial of service\n condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing\n URIs to patterns in url.redirect and url.rewrite\n configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir\n due to performing case-sensitive comparisons even on\n case-insensitive operating systems and file systems. An\n unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "published": "2008-10-03T00:00:00", "modified": "2021-05-02T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/34332", "reporter": "This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.", "references": ["https://redmine.lighttpd.net/issues/1589", "https://redmine.lighttpd.net/issues/1589", "http://www.nessus.org/u?3d6f179d", "https://redmine.lighttpd.net/issues/1774", "https://redmine.lighttpd.net/issues/285"], "cvelist": ["CVE-2008-4360", "CVE-2008-1531", "CVE-2008-4298", "CVE-2008-4359"], "immutableFields": [], "lastseen": "2021-05-01T00:44:55", "history": [], "viewCount": 11, "enchantments": {"dependencies": {"modified": "2021-05-01T00:44:55", "references": [{"idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2008-4360/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4359/", "MSF:ILITIES/SUSE-CVE-2008-4359/", "MSF:ILITIES/SUSE-CVE-2008-4360/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4359/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4298/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4360/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4298/", "MSF:ILITIES/SUSE-CVE-2008-4298/"], "type": "metasploit"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1645-1:0211A"], "type": "debian"}, {"idList": ["SECURITYVULNS:DOC:20660", "SECURITYVULNS:VULN:9336", "SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["CVE-2008-4360", "CVE-2008-1531", "CVE-2008-4298", "CVE-2008-4359"], "type": "cve"}, {"idList": ["SSV:4168", "SSV:3182", "SSV:4167"], "type": "seebug"}, {"idList": ["OPENVAS:61364", "OPENVAS:1361412562310100449", "OPENVAS:60793", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:136141256231063385", "OPENVAS:61943", "OPENVAS:61701", "OPENVAS:63385", "OPENVAS:60834"], "type": "openvas"}, {"idList": ["FEDORA_2008-11923.NASL", "FREEBSD_PKG_FB911E318CEB11DDBB29000C6E274733.NASL", "GENTOO_GLSA-200812-04.NASL", "SUSE_LIGHTTPD-5785.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL", "SUSE_11_0_LIGHTTPD-081114.NASL", "SUSE_11_1_LIGHTTPD-091123.NASL", "SUSE_11_0_LIGHTTPD-091123.NASL", "DEBIAN_DSA-1645.NASL"], "type": "nessus"}, {"idList": ["GLSA-200804-08", "GLSA-200812-04"], "type": "gentoo"}, {"idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:38F25208515", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["FB911E31-8CEB-11DD-BB29-000C6E274733", "1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-05-01T00:44:55", "rev": 2, "value": 6.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "34332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34332);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/13 15:08:46\");\n\n script_cve_id(\n \"CVE-2008-1531\",\n \"CVE-2008-4298\",\n \"CVE-2008-4359\",\n \"CVE-2008-4360\");\n script_bugtraq_id(\n 28489,\n 31434,\n 31599,\n 31600);\n\n script_name(english:\"lighttpd < 1.4.20 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.20. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n connection_state_machine() function that is triggered\n when disconnecting before a download has finished. An\n unauthenticated, remote attacker can exploit this to\n cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse()\n function. An unauthenticated, remote attacker can\n exploit this, via a large number of requests with\n duplicate request headers, to cause a denial of service\n condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing\n URIs to patterns in url.redirect and url.rewrite\n configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir\n due to performing case-sensitive comparisons even on\n case-insensitive operating systems and file systems. An\n unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1774\");\n # http://web.archive.org/web/20120118054919/http://www.lighttpd.net/2008/9/30/1-4-20-otherwise-the-terrorists-win\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6f179d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lighttpd_detect.nasl\");\n script_require_keys(\"installed_sw/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.20\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Web Servers", "cpe": ["cpe:/a:lighttpd:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-05-01T00:44:55", "differentElements": ["cvss2", "cvss3", "modified"], "edition": 3}, {"bulletin": {"id": "LIGHTTPD_1_4_20.NASL", "hash": "b825a389cf3d176c0c2a3f6a4dc2f377f4818d0390b9b139e332dd744343cc2d", "type": "nessus", "bulletinFamily": "scanner", "title": "lighttpd < 1.4.20 Multiple Vulnerabilities", "description": "According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.20. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n connection_state_machine() function that is triggered\n when disconnecting before a download has finished. An\n unauthenticated, remote attacker can exploit this to\n cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse()\n function. An unauthenticated, remote attacker can\n exploit this, via a large number of requests with\n duplicate request headers, to cause a denial of service\n condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing\n URIs to patterns in url.redirect and url.rewrite\n configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir\n due to performing case-sensitive comparisons even on\n case-insensitive operating systems and file systems. An\n unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "published": "2008-10-03T00:00:00", "modified": "2021-07-02T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/34332", "reporter": "This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.", "references": ["https://redmine.lighttpd.net/issues/1589", "https://redmine.lighttpd.net/issues/1589", "http://www.nessus.org/u?3d6f179d", "https://redmine.lighttpd.net/issues/1774", "https://redmine.lighttpd.net/issues/285"], "cvelist": ["CVE-2008-4360", "CVE-2008-1531", "CVE-2008-4298", "CVE-2008-4359"], "immutableFields": [], "lastseen": "2021-07-29T00:53:48", "history": [], "viewCount": 11, "enchantments": {"dependencies": {"modified": "2021-07-29T00:53:48", "references": [{"idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2008-4360/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4359/", "MSF:ILITIES/SUSE-CVE-2008-4359/", "MSF:ILITIES/SUSE-CVE-2008-4360/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4359/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4298/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4360/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4298/", "MSF:ILITIES/SUSE-CVE-2008-4298/"], "type": "metasploit"}, {"idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1645-1:0211A"], "type": "debian"}, {"idList": ["SECURITYVULNS:DOC:20660", "SECURITYVULNS:VULN:9336", "SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["FEDORA_2008-11923.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "FREEBSD_PKG_FB911E318CEB11DDBB29000C6E274733.NASL", "GENTOO_GLSA-200812-04.NASL", "SUSE_LIGHTTPD-5785.NASL", "SUSE_11_0_LIGHTTPD-081114.NASL", "SUSE_11_1_LIGHTTPD-091123.NASL", "SUSE_11_0_LIGHTTPD-091123.NASL", "DEBIAN_DSA-1645.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-4360", "CVE-2008-1531", "CVE-2008-4298", "CVE-2008-4359"], "type": "cve"}, {"idList": ["UB:CVE-2008-1531", "UB:CVE-2008-4298", "UB:CVE-2008-4359", "UB:CVE-2008-4360"], "type": "ubuntucve"}, {"idList": ["SSV:4168", "SSV:3182", "SSV:4167"], "type": "seebug"}, {"idList": ["OPENVAS:61364", "OPENVAS:1361412562310100449", "OPENVAS:60793", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:136141256231063385", "OPENVAS:61943", "OPENVAS:61701", "OPENVAS:63385", "OPENVAS:60834"], "type": "openvas"}, {"idList": ["GLSA-200804-08", "GLSA-200812-04"], "type": "gentoo"}, {"idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:38F25208515", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["FB911E31-8CEB-11DD-BB29-000C6E274733", "1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-07-29T00:53:48", "rev": 2, "value": 6.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "34332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34332);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/13 15:08:46\");\n\n script_cve_id(\n \"CVE-2008-1531\",\n \"CVE-2008-4298\",\n \"CVE-2008-4359\",\n \"CVE-2008-4360\");\n script_bugtraq_id(\n 28489,\n 31434,\n 31599,\n 31600);\n\n script_name(english:\"lighttpd < 1.4.20 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.20. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n connection_state_machine() function that is triggered\n when disconnecting before a download has finished. An\n unauthenticated, remote attacker can exploit this to\n cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse()\n function. An unauthenticated, remote attacker can\n exploit this, via a large number of requests with\n duplicate request headers, to cause a denial of service\n condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing\n URIs to patterns in url.redirect and url.rewrite\n configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir\n due to performing case-sensitive comparisons even on\n case-insensitive operating systems and file systems. An\n unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1774\");\n # http://web.archive.org/web/20120118054919/http://www.lighttpd.net/2008/9/30/1-4-20-otherwise-the-terrorists-win\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6f179d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lighttpd_detect.nasl\");\n script_require_keys(\"installed_sw/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.20\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Web Servers", "cpe": ["cpe:/a:lighttpd:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T00:53:48", "differentElements": ["modified"], "edition": 4}, {"bulletin": {"id": "LIGHTTPD_1_4_20.NASL", "hash": "3ecf7b1e5713f1d0bd1261fb7b30d037", "type": "nessus", "bulletinFamily": "scanner", "title": "lighttpd < 1.4.20 Multiple Vulnerabilities", "description": "According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.20. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n connection_state_machine() function that is triggered\n when disconnecting before a download has finished. An\n unauthenticated, remote attacker can exploit this to\n cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse()\n function. An unauthenticated, remote attacker can\n exploit this, via a large number of requests with\n duplicate request headers, to cause a denial of service\n condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing\n URIs to patterns in url.redirect and url.rewrite\n configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir\n due to performing case-sensitive comparisons even on\n case-insensitive operating systems and file systems. An\n unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "published": "2008-10-03T00:00:00", "modified": "2021-08-02T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/34332", "reporter": "This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.", "references": ["https://redmine.lighttpd.net/issues/1589", "https://redmine.lighttpd.net/issues/1589", "http://www.nessus.org/u?3d6f179d", "https://redmine.lighttpd.net/issues/1774", "https://redmine.lighttpd.net/issues/285"], "cvelist": ["CVE-2008-4360", "CVE-2008-1531", "CVE-2008-4298", "CVE-2008-4359"], "immutableFields": [], "lastseen": "2021-08-01T09:03:32", "history": [], "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-4359", "CVE-2008-4298", "CVE-2008-4360", "CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-4298", "UB:CVE-2008-4360", "UB:CVE-2008-4359", "UB:CVE-2008-1531"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200812-04.NASL", "SUSE_LIGHTTPD-5785.NASL", "SUSE_11_0_LIGHTTPD-081114.NASL", "DEBIAN_DSA-1645.NASL", "SUSE_11_1_LIGHTTPD-091123.NASL", "SUSE_11_0_LIGHTTPD-091123.NASL", "DEBIAN_DSA-1540.NASL", "FREEBSD_PKG_FB911E318CEB11DDBB29000C6E274733.NASL", "FEDORA_2008-11923.NASL", "FEDORA_2008-3343.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:61943", "OPENVAS:61701", "OPENVAS:60834", "OPENVAS:60793", "OPENVAS:61364", "OPENVAS:136141256231063385", "OPENVAS:63385", "OPENVAS:60786", "OPENVAS:1361412562310100449", "OPENVAS:860205"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20660", "SECURITYVULNS:VULN:9336", "SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1645-1:0211A"]}, {"type": "gentoo", "idList": ["GLSA-200812-04", "GLSA-200804-08"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:38F25208515", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE", "FB911E31-8CEB-11DD-BB29-000C6E274733"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2008-4360/", "MSF:ILITIES/SUSE-CVE-2008-4359/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4359/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4298/", "MSF:ILITIES/SUSE-CVE-2008-4298/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4359/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4360/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4360/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4298/"]}, {"type": "seebug", "idList": ["SSV:4167", "SSV:4168", "SSV:3182"]}], "modified": "2021-08-01T09:03:32", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-08-01T09:03:32", "rev": 2}}, "objectVersion": "1.6", "pluginID": "34332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34332);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/13 15:08:46\");\n\n script_cve_id(\n \"CVE-2008-1531\",\n \"CVE-2008-4298\",\n \"CVE-2008-4359\",\n \"CVE-2008-4360\");\n script_bugtraq_id(\n 28489,\n 31434,\n 31599,\n 31600);\n\n script_name(english:\"lighttpd < 1.4.20 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.20. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n connection_state_machine() function that is triggered\n when disconnecting before a download has finished. An\n unauthenticated, remote attacker can exploit this to\n cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse()\n function. An unauthenticated, remote attacker can\n exploit this, via a large number of requests with\n duplicate request headers, to cause a denial of service\n condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing\n URIs to patterns in url.redirect and url.rewrite\n configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir\n due to performing case-sensitive comparisons even on\n case-insensitive operating systems and file systems. An\n unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1774\");\n # http://web.archive.org/web/20120118054919/http://www.lighttpd.net/2008/9/30/1-4-20-otherwise-the-terrorists-win\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6f179d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lighttpd_detect.nasl\");\n script_require_keys(\"installed_sw/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.20\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Web Servers", "cpe": ["cpe:/a:lighttpd:lighttpd"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-01T09:03:32", "differentElements": ["cvss2", "cvss3", "description", "exploitEase", "modified", "references", "solution", "vpr"], "edition": 5}, {"bulletin": {"id": "LIGHTTPD_1_4_20.NASL", "hash": "88af0a85d73f74160e30ffebce219200", "type": "nessus", "bulletinFamily": "scanner", "title": "lighttpd < 1.4.20 Multiple Vulnerabilities", "description": "According to its banner, the version of lighttpd running on the remote host is prior to 1.4.20. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the connection_state_machine() function that is triggered when disconnecting before a download has finished. An unauthenticated, remote attacker can exploit this to cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse() function. An unauthenticated, remote attacker can exploit this, via a large number of requests with duplicate request headers, to cause a denial of service condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing URIs to patterns in url.redirect and url.rewrite configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir due to performing case-sensitive comparisons even on case-insensitive operating systems and file systems. An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2008-10-03T00:00:00", "modified": "2018-07-13T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/34332", "reporter": "This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359", "https://redmine.lighttpd.net/issues/1589", "http://www.nessus.org/u?3d6f179d", "https://redmine.lighttpd.net/issues/285", "https://redmine.lighttpd.net/issues/1774", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360"], "cvelist": ["CVE-2008-1531", "CVE-2008-4298", "CVE-2008-4359", "CVE-2008-4360"], "immutableFields": [], "lastseen": "2021-08-11T14:40:54", "history": [], "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_11_1_LIGHTTPD-091123.NASL", "GENTOO_GLSA-200812-04.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "SUSE_11_0_LIGHTTPD-091123.NASL", "FEDORA_2008-11923.NASL", "DEBIAN_DSA-1645.NASL", "FREEBSD_PKG_FB911E318CEB11DDBB29000C6E274733.NASL", "SUSE_LIGHTTPD-5785.NASL", "SUSE_11_0_LIGHTTPD-081114.NASL", "4698.PRM"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-4360", "UB:CVE-2008-4298", "UB:CVE-2008-1531", "UB:CVE-2008-4359"]}, {"type": "cve", "idList": ["CVE-2008-4360", "CVE-2008-4359", "CVE-2008-1531", "CVE-2008-4298"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9336", "SECURITYVULNS:DOC:20660", "SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE", "FB911E31-8CEB-11DD-BB29-000C6E274733"]}, {"type": "gentoo", "idList": ["GLSA-200812-04", "GLSA-200804-08"]}, {"type": "openvas", "idList": ["OPENVAS:60793", "OPENVAS:1361412562310100449", "OPENVAS:136141256231063385", "OPENVAS:61943", "OPENVAS:63385", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:61701", "OPENVAS:60786", "OPENVAS:61364"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1645-1:0211A", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:38F25208515", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2008-4359/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4360/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4298/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4298/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4360/", "MSF:ILITIES/SUSE-CVE-2008-4360/", "MSF:ILITIES/SUSE-CVE-2008-4359/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4359/", "MSF:ILITIES/SUSE-CVE-2008-4298/"]}, {"type": "seebug", "idList": ["SSV:3182", "SSV:4168", "SSV:4167"]}], "modified": "2021-08-11T14:40:54", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-08-11T14:40:54", "rev": 2}}, "objectVersion": "1.6", "pluginID": "34332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34332);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/13 15:08:46\");\n\n script_cve_id(\n \"CVE-2008-1531\",\n \"CVE-2008-4298\",\n \"CVE-2008-4359\",\n \"CVE-2008-4360\");\n script_bugtraq_id(\n 28489,\n 31434,\n 31599,\n 31600);\n\n script_name(english:\"lighttpd < 1.4.20 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.20. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n connection_state_machine() function that is triggered\n when disconnecting before a download has finished. An\n unauthenticated, remote attacker can exploit this to\n cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse()\n function. An unauthenticated, remote attacker can\n exploit this, via a large number of requests with\n duplicate request headers, to cause a denial of service\n condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing\n URIs to patterns in url.redirect and url.rewrite\n configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir\n due to performing case-sensitive comparisons even on\n case-insensitive operating systems and file systems. An\n unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1774\");\n # http://web.archive.org/web/20120118054919/http://www.lighttpd.net/2008/9/30/1-4-20-otherwise-the-terrorists-win\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6f179d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lighttpd_detect.nasl\");\n script_require_keys(\"installed_sw/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.20\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Web Servers", "cpe": ["cpe:/a:lighttpd:lighttpd"], "solution": "Upgrade to lighttpd version 1.4.20 or later.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "4.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-11T14:40:54", "differentElements": ["nessusSeverity"], "edition": 6}, {"bulletin": {"id": "LIGHTTPD_1_4_20.NASL", "hash": "a913bb0110675914b6ecbd5d7f15b937", "type": "nessus", "bulletinFamily": "scanner", "title": "lighttpd < 1.4.20 Multiple Vulnerabilities", "description": "According to its banner, the version of lighttpd running on the remote host is prior to 1.4.20. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the connection_state_machine() function that is triggered when disconnecting before a download has finished. An unauthenticated, remote attacker can exploit this to cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse() function. An unauthenticated, remote attacker can exploit this, via a large number of requests with duplicate request headers, to cause a denial of service condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing URIs to patterns in url.redirect and url.rewrite configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir due to performing case-sensitive comparisons even on case-insensitive operating systems and file systems. An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2008-10-03T00:00:00", "modified": "2018-07-13T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/34332", "reporter": "This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298", "https://redmine.lighttpd.net/issues/1589", "http://www.nessus.org/u?3d6f179d", "https://redmine.lighttpd.net/issues/1774", "https://redmine.lighttpd.net/issues/285", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531"], "cvelist": ["CVE-2008-1531", "CVE-2008-4298", "CVE-2008-4359", "CVE-2008-4360"], "immutableFields": [], "lastseen": "2021-08-19T13:09:35", "history": [], "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_11_1_LIGHTTPD-091123.NASL", "GENTOO_GLSA-200812-04.NASL", "SUSE_11_0_LIGHTTPD-081114.NASL", "DEBIAN_DSA-1540.NASL", "SUSE_LIGHTTPD-5785.NASL", "4698.PRM", "FREEBSD_PKG_FB911E318CEB11DDBB29000C6E274733.NASL", "FEDORA_2008-11923.NASL", "SUSE_11_0_LIGHTTPD-091123.NASL", "DEBIAN_DSA-1645.NASL"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531", "UB:CVE-2008-4360", "UB:CVE-2008-4359", "UB:CVE-2008-4298"]}, {"type": "cve", "idList": ["CVE-2008-1531", "CVE-2008-4359", "CVE-2008-4298", "CVE-2008-4360"]}, {"type": "openvas", "idList": ["OPENVAS:61364", "OPENVAS:60793", "OPENVAS:136141256231063385", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:1361412562310100449", "OPENVAS:63385", "OPENVAS:61701", "OPENVAS:61943", "OPENVAS:60834"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9336", "SECURITYVULNS:DOC:20660", "SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "freebsd", "idList": ["FB911E31-8CEB-11DD-BB29-000C6E274733", "1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:38F25208515", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514", "FEDORA:M3TLCX57031009"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1645-1:0211A"]}, {"type": "gentoo", "idList": ["GLSA-200812-04", "GLSA-200804-08"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2008-4359/", "MSF:ILITIES/SUSE-CVE-2008-4360/", "MSF:ILITIES/SUSE-CVE-2008-4298/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4360/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4359/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4359/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4298/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4360/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4298/"]}, {"type": "seebug", "idList": ["SSV:4167", "SSV:4168", "SSV:3182"]}], "modified": "2021-08-19T13:09:35", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-08-19T13:09:35", "rev": 2}}, "objectVersion": "1.6", "pluginID": "34332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34332);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/13 15:08:46\");\n\n script_cve_id(\n \"CVE-2008-1531\",\n \"CVE-2008-4298\",\n \"CVE-2008-4359\",\n \"CVE-2008-4360\");\n script_bugtraq_id(\n 28489,\n 31434,\n 31599,\n 31600);\n\n script_name(english:\"lighttpd < 1.4.20 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.20. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n connection_state_machine() function that is triggered\n when disconnecting before a download has finished. An\n unauthenticated, remote attacker can exploit this to\n cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse()\n function. An unauthenticated, remote attacker can\n exploit this, via a large number of requests with\n duplicate request headers, to cause a denial of service\n condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing\n URIs to patterns in url.redirect and url.rewrite\n configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir\n due to performing case-sensitive comparisons even on\n case-insensitive operating systems and file systems. An\n unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1774\");\n # http://web.archive.org/web/20120118054919/http://www.lighttpd.net/2008/9/30/1-4-20-otherwise-the-terrorists-win\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6f179d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lighttpd_detect.nasl\");\n script_require_keys(\"installed_sw/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.20\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Web Servers", "cpe": ["cpe:/a:lighttpd:lighttpd"], "solution": "Upgrade to lighttpd version 1.4.20 or later.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "4.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-19T13:09:35", "differentElements": ["cpe", "cvss"], "edition": 7}, {"bulletin": {"id": "LIGHTTPD_1_4_20.NASL", "hash": "b61a9aac4d512bccf1c26046dc682190", "type": "nessus", "bulletinFamily": "scanner", "title": "lighttpd < 1.4.20 Multiple Vulnerabilities", "description": "According to its banner, the version of lighttpd running on the remote host is prior to 1.4.20. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the connection_state_machine() function that is triggered when disconnecting before a download has finished. An unauthenticated, remote attacker can exploit this to cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse() function. An unauthenticated, remote attacker can exploit this, via a large number of requests with duplicate request headers, to cause a denial of service condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing URIs to patterns in url.redirect and url.rewrite configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir due to performing case-sensitive comparisons even on case-insensitive operating systems and file systems. An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2008-10-03T00:00:00", "modified": "2018-07-13T00:00:00", "cvss": {"score": 7.8, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/34332", "reporter": "This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?3d6f179d", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531", "https://redmine.lighttpd.net/issues/1589", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298", "https://redmine.lighttpd.net/issues/285", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359", "https://redmine.lighttpd.net/issues/1774"], "cvelist": ["CVE-2008-4360", "CVE-2008-1531", "CVE-2008-4359", "CVE-2008-4298"], "immutableFields": [], "lastseen": "2021-09-10T03:40:21", "history": [], "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["FEDORA_2008-4119.NASL", "SUSE_11_0_LIGHTTPD-081114.NASL", "FEDORA_2008-11923.NASL", "SUSE_LIGHTTPD-5785.NASL", "SUSE_11_0_LIGHTTPD-091123.NASL", "4698.PRM", "SUSE_11_1_LIGHTTPD-091123.NASL", "FREEBSD_PKG_FB911E318CEB11DDBB29000C6E274733.NASL", "DEBIAN_DSA-1645.NASL", "GENTOO_GLSA-200812-04.NASL"]}, {"type": "cve", "idList": ["CVE-2008-4298", "CVE-2008-4359", "CVE-2008-4360", "CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-4298", "UB:CVE-2008-4360", "UB:CVE-2008-4359", "UB:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:60834", "OPENVAS:1361412562310100449", "OPENVAS:61943", "OPENVAS:61364", "OPENVAS:61701", "OPENVAS:60793", "OPENVAS:63385", "OPENVAS:860205", "OPENVAS:60786", "OPENVAS:136141256231063385"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:VULN:9336", "SECURITYVULNS:DOC:20660", "SECURITYVULNS:DOC:19540"]}, {"type": "freebsd", "idList": ["FB911E31-8CEB-11DD-BB29-000C6E274733", "1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:38F25208515", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1645-1:0211A", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "gentoo", "idList": ["GLSA-200804-08", "GLSA-200812-04"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2008-4360/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4298/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4359/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4360/", "MSF:ILITIES/SUSE-CVE-2008-4359/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4360/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4298/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4359/", "MSF:ILITIES/SUSE-CVE-2008-4298/"]}, {"type": "seebug", "idList": ["SSV:4167", "SSV:4168", "SSV:3182"]}], "modified": "2021-09-10T03:40:21", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-09-10T03:40:21", "rev": 2}}, "objectVersion": "1.6", "pluginID": "34332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34332);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/13 15:08:46\");\n\n script_cve_id(\n \"CVE-2008-1531\",\n \"CVE-2008-4298\",\n \"CVE-2008-4359\",\n \"CVE-2008-4360\");\n script_bugtraq_id(\n 28489,\n 31434,\n 31599,\n 31600);\n\n script_name(english:\"lighttpd < 1.4.20 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.20. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n connection_state_machine() function that is triggered\n when disconnecting before a download has finished. An\n unauthenticated, remote attacker can exploit this to\n cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse()\n function. An unauthenticated, remote attacker can\n exploit this, via a large number of requests with\n duplicate request headers, to cause a denial of service\n condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing\n URIs to patterns in url.redirect and url.rewrite\n configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir\n due to performing case-sensitive comparisons even on\n case-insensitive operating systems and file systems. An\n unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1774\");\n # http://web.archive.org/web/20120118054919/http://www.lighttpd.net/2008/9/30/1-4-20-otherwise-the-terrorists-win\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6f179d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lighttpd_detect.nasl\");\n script_require_keys(\"installed_sw/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.20\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Web Servers", "cpe": ["cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*"], "solution": "Upgrade to lighttpd version 1.4.20 or later.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "4.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-09-10T03:40:21", "differentElements": ["cpe"], "edition": 8}, {"bulletin": {"id": "LIGHTTPD_1_4_20.NASL", "hash": "bf478f9468c1c261a0eaba5e38daf79e", "type": "nessus", "bulletinFamily": "scanner", "title": "lighttpd < 1.4.20 Multiple Vulnerabilities", "description": "According to its banner, the version of lighttpd running on the remote host is prior to 1.4.20. It is, therefore, affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exists in the connection_state_machine() function that is triggered when disconnecting before a download has finished. An unauthenticated, remote attacker can exploit this to cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse() function. An unauthenticated, remote attacker can exploit this, via a large number of requests with duplicate request headers, to cause a denial of service condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing URIs to patterns in url.redirect and url.rewrite configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir due to performing case-sensitive comparisons even on case-insensitive operating systems and file systems. An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2008-10-03T00:00:00", "modified": "2018-07-13T00:00:00", "cvss": {"score": 7.8, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/34332", "reporter": "This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.", "references": ["https://redmine.lighttpd.net/issues/1774", "https://redmine.lighttpd.net/issues/1589", "http://www.nessus.org/u?3d6f179d", "https://redmine.lighttpd.net/issues/285", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531"], "cvelist": ["CVE-2008-4360", "CVE-2008-1531", "CVE-2008-4359", "CVE-2008-4298"], "immutableFields": [], "lastseen": "2021-10-16T02:51:22", "history": [], "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["FEDORA_2008-4119.NASL", "SUSE_11_0_LIGHTTPD-081114.NASL", "FEDORA_2008-11923.NASL", "SUSE_LIGHTTPD-5785.NASL", "SUSE_11_0_LIGHTTPD-091123.NASL", "4698.PRM", "SUSE_11_1_LIGHTTPD-091123.NASL", "FREEBSD_PKG_FB911E318CEB11DDBB29000C6E274733.NASL", "DEBIAN_DSA-1645.NASL", "GENTOO_GLSA-200812-04.NASL"]}, {"type": "cve", "idList": ["CVE-2008-4298", "CVE-2008-4359", "CVE-2008-4360", "CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-4298", "UB:CVE-2008-4360", "UB:CVE-2008-4359", "UB:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:60834", "OPENVAS:1361412562310100449", "OPENVAS:61943", "OPENVAS:61364", "OPENVAS:61701", "OPENVAS:60793", "OPENVAS:63385", "OPENVAS:860205", "OPENVAS:60786", "OPENVAS:136141256231063385"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:VULN:9336", "SECURITYVULNS:DOC:20660", "SECURITYVULNS:DOC:19540"]}, {"type": "freebsd", "idList": ["FB911E31-8CEB-11DD-BB29-000C6E274733", "1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:38F25208515", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1645-1:0211A", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "gentoo", "idList": ["GLSA-200804-08", "GLSA-200812-04"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2008-4360/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4298/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4359/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4360/", "MSF:ILITIES/SUSE-CVE-2008-4359/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4360/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4298/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4359/", "MSF:ILITIES/SUSE-CVE-2008-4298/"]}, {"type": "seebug", "idList": ["SSV:4167", "SSV:4168", "SSV:3182"]}], "modified": "2021-09-10T03:40:21", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-09-10T03:40:21", "rev": 2}}, "objectVersion": "1.6", "pluginID": "34332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34332);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/13 15:08:46\");\n\n script_cve_id(\n \"CVE-2008-1531\",\n \"CVE-2008-4298\",\n \"CVE-2008-4359\",\n \"CVE-2008-4360\");\n script_bugtraq_id(\n 28489,\n 31434,\n 31599,\n 31600);\n\n script_name(english:\"lighttpd < 1.4.20 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.20. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n connection_state_machine() function that is triggered\n when disconnecting before a download has finished. An\n unauthenticated, remote attacker can exploit this to\n cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse()\n function. An unauthenticated, remote attacker can\n exploit this, via a large number of requests with\n duplicate request headers, to cause a denial of service\n condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing\n URIs to patterns in url.redirect and url.rewrite\n configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir\n due to performing case-sensitive comparisons even on\n case-insensitive operating systems and file systems. An\n unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1774\");\n # http://web.archive.org/web/20120118054919/http://www.lighttpd.net/2008/9/30/1-4-20-otherwise-the-terrorists-win\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6f179d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lighttpd_detect.nasl\");\n script_require_keys(\"installed_sw/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.20\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Web Servers", "cpe": ["cpe:/a:lighttpd:lighttpd"], "solution": "Upgrade to lighttpd version 1.4.20 or later.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "4.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-10-16T02:51:22", "differentElements": ["cvss"], "edition": 9}], "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_LIGHTTPD-5785.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "FEDORA_2008-11923.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "GENTOO_GLSA-200812-04.NASL", "GENTOO_GLSA-200804-08.NASL", "FREEBSD_PKG_FB911E318CEB11DDBB29000C6E274733.NASL", "SUSE_11_0_LIGHTTPD-081114.NASL", "4698.PRM", "SUSE_11_0_LIGHTTPD-091123.NASL", "FEDORA_2008-3343.NASL", "SUSE_11_1_LIGHTTPD-091123.NASL", "DEBIAN_DSA-1645.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-4359", "DEBIANCVE:CVE-2008-1531", "DEBIANCVE:CVE-2008-4298", "DEBIANCVE:CVE-2008-4360"]}, {"type": "cve", "idList": ["CVE-2008-4359", "CVE-2008-4360", "CVE-2008-4298", "CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531", "UB:CVE-2008-4298", "UB:CVE-2008-4360", "UB:CVE-2008-4359"]}, {"type": "freebsd", "idList": ["FB911E31-8CEB-11DD-BB29-000C6E274733", "1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9336", "SECURITYVULNS:DOC:20660", "SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1645-1:0211A", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "gentoo", "idList": ["GLSA-200804-08", "GLSA-200812-04"]}, {"type": "openvas", "idList": ["OPENVAS:61943", "OPENVAS:860849", "OPENVAS:61701", "OPENVAS:136141256231063385", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:63385", "OPENVAS:1361412562310100449", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:60808"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:38F25208515", "FEDORA:M3TL8N73030514", "FEDORA:M3TLCX57031009"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2008-4359/", "MSF:ILITIES/SUSE-CVE-2008-4298/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4298/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4360/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4298/", "MSF:ILITIES/GENTOO-LINUX-CVE-2008-4359/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4359/", "MSF:ILITIES/HTTP-LIGHTTPD-CVE-2008-4360/", "MSF:ILITIES/SUSE-CVE-2008-4360/"]}, {"type": "seebug", "idList": ["SSV:4167", "SSV:3182", "SSV:4168"]}], "modified": "2021-10-16T15:47:27", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-10-16T15:47:27", "rev": 2}}, "objectVersion": "1.6", "pluginID": "34332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34332);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/13 15:08:46\");\n\n script_cve_id(\n \"CVE-2008-1531\",\n \"CVE-2008-4298\",\n \"CVE-2008-4359\",\n \"CVE-2008-4360\");\n script_bugtraq_id(\n 28489,\n 31434,\n 31599,\n 31600);\n\n script_name(english:\"lighttpd < 1.4.20 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.20. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n connection_state_machine() function that is triggered\n when disconnecting before a download has finished. An\n unauthenticated, remote attacker can exploit this to\n cause all active SSL connections to be lost.\n (CVE-2008-1531)\n\n - A memory leak flaw exists in the http_request_parse()\n function. An unauthenticated, remote attacker can\n exploit this, via a large number of requests with\n duplicate request headers, to cause a denial of service\n condition. (CVE-2008-4298)\n\n - A security bypass vulnerability exists due to comparing\n URIs to patterns in url.redirect and url.rewrite\n configuration settings before performing URL decoding.\n An unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure or modification of sensitive data.\n (CVE-2008-4359)\n\n - A security bypass vulnerability exists in mod_userdir\n due to performing case-sensitive comparisons even on\n case-insensitive operating systems and file systems. An\n unauthenticated, remote attacker can exploit this to\n bypass intended access restrictions, resulting in the\n disclosure of sensitive information. (CVE-2008-4360)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://redmine.lighttpd.net/issues/1774\");\n # http://web.archive.org/web/20120118054919/http://www.lighttpd.net/2008/9/30/1-4-20-otherwise-the-terrorists-win\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d6f179d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/10/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lighttpd_detect.nasl\");\n script_require_keys(\"installed_sw/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.20\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Web Servers", "cpe": ["cpe:/a:lighttpd:lighttpd"], "solution": "Upgrade to lighttpd version 1.4.20 or later.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "4.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}], "openvas": [{"id": "OPENVAS:60834", "hash": "61f8976e5051cf7b1e0cfd90c3a608da", "type": "openvas", "bulletinFamily": "scanner", "title": "FreeBSD Ports: lighttpd", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "modified": "2016-09-22T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60834", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-1531"], "lastseen": "2017-07-02T21:10:18", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2017-07-02T21:10:18", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:61364", "OPENVAS:60808", "OPENVAS:60786"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2017-07-02T21:10:18", "rev": 2}}, "objectVersion": "1.5", "pluginID": "60834", "sourceData": "#\n#VID 1ac77649-0908-11dd-974d-000fea2763ce\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: lighttpd\n\nCVE-2008-1531\nThe connection_state_machine function (connections.c) in lighttpd\n1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to\ncause a denial of service (active SSL connection loss) by triggering\nan SSL error, such as disconnecting before a download has finished,\nwhich causes all active SSL connections to be lost.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/29649\nhttp://trac.lighttpd.net/trac/ticket/285\nhttp://www.vuxml.org/freebsd/1ac77649-0908-11dd-974d-000fea2763ce.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(60834);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2008-1531\");\n script_bugtraq_id(28489);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: lighttpd\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"lighttpd\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.19_1\")<0) {\n txt += 'Package lighttpd version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "FreeBSD Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:61364", "hash": "057f10ef3934c10eec230b895d35f1ab", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 1540-3 (lighttpd)", "description": "The remote host is missing an update to lighttpd\nannounced via advisory DSA 1540-3.", "published": "2008-08-15T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=61364", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-1531"], "lastseen": "2017-07-24T12:49:52", "history": [{"lastseen": "2017-07-02T21:10:12", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"id": "OPENVAS:61364", "hash": "1de4713feeb7b9c7f670a66695e04580f031ec96086814d1c62f8036e4211763", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 1540-3 (lighttpd)", "description": "The remote host is missing an update to lighttpd\nannounced via advisory DSA 1540-3.", "published": "2008-08-15T00:00:00", "modified": "2016-08-31T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=61364", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-1531"], "lastseen": "2017-07-02T21:10:12", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "pluginID": "61364", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1540_3.nasl 3913 2016-08-31 08:01:39Z teissa $\n# Description: Auto-generated from advisory DSA 1540-3 (lighttpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update fixes a regression in lighttpd introduced in DSA-1540,\ncausing SSL failures. For reference the original advisory text is\nquoted below.\n\nIt was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, was didn't correctly handle SSL errors. This could allow\na remote attacker to disconnect all active SSL connections.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch10.\n\nWe recommend that you upgrade your lighttpd package.\";\ntag_summary = \"The remote host is missing an update to lighttpd\nannounced via advisory DSA 1540-3.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201540-3\";\n\n\nif(description)\n{\n script_id(61364);\n script_version(\"$Revision: 3913 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-08-31 10:01:39 +0200 (Wed, 31 Aug 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-08-15 15:52:52 +0200 (Fri, 15 Aug 2008)\");\n script_cve_id(\"CVE-2008-1531\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1540-3 (lighttpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:debian:debian_linux\", \"login/SSH/success\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}}], "viewCount": 0, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2017-07-24T12:49:52", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60786", "OPENVAS:60808"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2017-07-24T12:49:52", "rev": 2}}, "objectVersion": "1.5", "pluginID": "61364", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1540_3.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1540-3 (lighttpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update fixes a regression in lighttpd introduced in DSA-1540,\ncausing SSL failures. For reference the original advisory text is\nquoted below.\n\nIt was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, was didn't correctly handle SSL errors. This could allow\na remote attacker to disconnect all active SSL connections.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch10.\n\nWe recommend that you upgrade your lighttpd package.\";\ntag_summary = \"The remote host is missing an update to lighttpd\nannounced via advisory DSA 1540-3.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201540-3\";\n\n\nif(description)\n{\n script_id(61364);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-08-15 15:52:52 +0200 (Fri, 15 Aug 2008)\");\n script_cve_id(\"CVE-2008-1531\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1540-3 (lighttpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.13-4etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:860205", "hash": "041c956637b9c676ead07ed03a2a08b1", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for lighttpd FEDORA-2008-4119", "description": "Check for the Version of lighttpd", "published": "2009-02-17T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860205", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["2008-4119", "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00435.html"], "cvelist": ["CVE-2008-1531"], "lastseen": "2017-07-25T10:55:57", "history": [{"lastseen": "2017-07-02T21:13:45", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"id": "OPENVAS:860205", "hash": "7281ec6134e166beecba41d1ee050ca8f1b9fd936886d4783d831d2a37d8fd05", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for lighttpd FEDORA-2008-4119", "description": "Check for the Version of lighttpd", "published": "2009-02-17T00:00:00", "modified": "2016-05-03T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860205", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["2008-4119", "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00435.html"], "cvelist": ["CVE-2008-1531"], "lastseen": "2017-07-02T21:13:45", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "pluginID": "860205", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2008-4119\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\n for high-performance environments. It has a very low memory footprint compared\n to other webservers and takes care of cpu-load. Its advanced feature-set\n (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\n it the perfect webserver-software for every server that is suffering load\n problems.\n\n Available rpmbuild rebuild options :\n --with : gamin webdavprops webdavlocks memcache\n --without : ldap gdbm lua (cml)\";\n\ntag_affected = \"lighttpd on Fedora 9\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00435.html\");\n script_id(860205);\n script_version(\"$Revision: 3217 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-05-03 15:20:33 +0200 (Tue, 03 May 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:47:15 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-4119\");\n script_cve_id(\"CVE-2008-1531\");\n script_name( \"Fedora Update for lighttpd FEDORA-2008-4119\");\n\n script_summary(\"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:fedoraproject:fedora\", \"login/SSH/success\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.19~4.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}}], "viewCount": 0, "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2017-07-25T10:55:57", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-4119", "CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60808", "OPENVAS:60786"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2017-07-25T10:55:57", "rev": 2}}, "objectVersion": "1.5", "pluginID": "860205", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2008-4119\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\n for high-performance environments. It has a very low memory footprint compared\n to other webservers and takes care of cpu-load. Its advanced feature-set\n (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\n it the perfect webserver-software for every server that is suffering load\n problems.\n\n Available rpmbuild rebuild options :\n --with : gamin webdavprops webdavlocks memcache\n --without : ldap gdbm lua (cml)\";\n\ntag_affected = \"lighttpd on Fedora 9\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00435.html\");\n script_id(860205);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:47:15 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-4119\");\n script_cve_id(\"CVE-2008-1531\");\n script_name( \"Fedora Update for lighttpd FEDORA-2008-4119\");\n\n script_summary(\"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.19~4.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:60793", "hash": "f29ece62083ab6ac940fc873e47db259", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 1540-2 (lighttpd)", "description": "The remote host is missing an update to lighttpd\nannounced via advisory DSA 1540-2.", "published": "2008-04-21T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60793", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-1531"], "lastseen": "2017-07-24T12:50:02", "history": [{"lastseen": "2017-07-02T21:10:17", "bulletin": {"id": "OPENVAS:60793", "hash": "87b90a629f1340548bfb1b2c18efe88f7c65c5f823187caa2557b708d812f939", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 1540-2 (lighttpd)", "description": "The remote host is missing an update to lighttpd\nannounced via advisory DSA 1540-2.", "published": "2008-04-21T00:00:00", "modified": "2016-08-31T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60793", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-1531"], "lastseen": "2017-07-02T21:10:17", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "pluginID": "60793", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1540_2.nasl 3913 2016-08-31 08:01:39Z teissa $\n# Description: Auto-generated from advisory DSA 1540-2 (lighttpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, was didn't correctly handle SSL errors. This could allow\na remote attacker to disconnect all active SSL connections.\n\nThis security update fixes a regression in the previous one, which caused\nSSL failures.\n\nFor the stable distribution (etch), this problem has been fixed in version\n1.4.13-4etch8.\n\nWe recommend that you upgrade your lighttpd package.\";\ntag_summary = \"The remote host is missing an update to lighttpd\nannounced via advisory DSA 1540-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201540-2\";\n\n\nif(description)\n{\n script_id(60793);\n script_version(\"$Revision: 3913 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-08-31 10:01:39 +0200 (Wed, 31 Aug 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-21 20:40:14 +0200 (Mon, 21 Apr 2008)\");\n script_cve_id(\"CVE-2008-1531\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1540-2 (lighttpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:debian:debian_linux\", \"login/SSH/success\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "viewCount": 1, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2017-07-24T12:50:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60808", "OPENVAS:60786"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2017-07-24T12:50:02", "rev": 2}}, "objectVersion": "1.5", "pluginID": "60793", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1540_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1540-2 (lighttpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, was didn't correctly handle SSL errors. This could allow\na remote attacker to disconnect all active SSL connections.\n\nThis security update fixes a regression in the previous one, which caused\nSSL failures.\n\nFor the stable distribution (etch), this problem has been fixed in version\n1.4.13-4etch8.\n\nWe recommend that you upgrade your lighttpd package.\";\ntag_summary = \"The remote host is missing an update to lighttpd\nannounced via advisory DSA 1540-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201540-2\";\n\n\nif(description)\n{\n script_id(60793);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-21 20:40:14 +0200 (Mon, 21 Apr 2008)\");\n script_cve_id(\"CVE-2008-1531\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1540-2 (lighttpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.13-4etch8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:60786", "hash": "9a386073ebdb30279b92e7b8820cc1f6", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 1540-1 (lighttpd)", "description": "The remote host is missing an update to lighttpd\nannounced via advisory DSA 1540-1.", "published": "2008-04-21T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60786", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-1531"], "lastseen": "2017-07-24T12:50:01", "history": [{"lastseen": "2017-07-02T21:10:16", "bulletin": {"id": "OPENVAS:60786", "hash": "ebd555ac4a95ca538396d59f3a299f9b6b63692cfbd315e8e5509a08e1b1e69a", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 1540-1 (lighttpd)", "description": "The remote host is missing an update to lighttpd\nannounced via advisory DSA 1540-1.", "published": "2008-04-21T00:00:00", "modified": "2016-08-31T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60786", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-1531"], "lastseen": "2017-07-02T21:10:16", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "pluginID": "60786", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1540_1.nasl 3913 2016-08-31 08:01:39Z teissa $\n# Description: Auto-generated from advisory DSA 1540-1 (lighttpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, was didn't correctly handle SSL errors. This could allow\na remote attacker to disconnect all active SSL connections.\n\nFor the stable distribution (etch), this problem has been fixed in version\n1.4.13-4etch7.\n\nWe recommend that you upgrade your lighttpd package.\";\ntag_summary = \"The remote host is missing an update to lighttpd\nannounced via advisory DSA 1540-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201540-1\";\n\n\nif(description)\n{\n script_id(60786);\n script_version(\"$Revision: 3913 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-08-31 10:01:39 +0200 (Wed, 31 Aug 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-21 20:40:14 +0200 (Mon, 21 Apr 2008)\");\n script_cve_id(\"CVE-2008-1531\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1540-1 (lighttpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:debian:debian_linux\", \"login/SSH/success\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "viewCount": 0, "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2017-07-24T12:50:01", "rev": 2}, "dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60808", "OPENVAS:61364"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2017-07-24T12:50:01", "rev": 2}}, "objectVersion": "1.5", "pluginID": "60786", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1540_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1540-1 (lighttpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, was didn't correctly handle SSL errors. This could allow\na remote attacker to disconnect all active SSL connections.\n\nFor the stable distribution (etch), this problem has been fixed in version\n1.4.13-4etch7.\n\nWe recommend that you upgrade your lighttpd package.\";\ntag_summary = \"The remote host is missing an update to lighttpd\nannounced via advisory DSA 1540-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201540-1\";\n\n\nif(description)\n{\n script_id(60786);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-21 20:40:14 +0200 (Mon, 21 Apr 2008)\");\n script_cve_id(\"CVE-2008-1531\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1540-1 (lighttpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.13-4etch7\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:60808", "hash": "60115ba0d38a0316dce62b55378e85c5", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 200804-08 (lighttpd)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200804-08.", "published": "2008-09-24T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60808", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-1531", "CVE-2008-1270"], "lastseen": "2017-07-24T12:50:11", "history": [{"lastseen": "2017-07-02T21:10:21", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"id": "OPENVAS:60808", "hash": "db9b752eb17f7c5c2d611d610c7f46f91155e942cbd30e461b245e34c5622108", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 200804-08 (lighttpd)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200804-08.", "published": "2008-09-24T00:00:00", "modified": "2016-11-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60808", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2008-1531", "CVE-2008-1270"], "lastseen": "2017-07-02T21:10:21", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "pluginID": "60808", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in lighttpd may lead to information disclosure or\na Denial of Service.\";\ntag_solution = \"All lighttpd users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.19-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200804-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=212930\nhttp://bugs.gentoo.org/show_bug.cgi?id=214892\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200804-08.\";\n\n \n\nif(description)\n{\n script_id(60808);\n script_version(\"$Revision: 4465 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-11-10 09:56:30 +0100 (Thu, 10 Nov 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-1270\", \"CVE-2008-1531\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200804-08 (lighttpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\", \"ssh/login/gentoo\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-servers/lighttpd\", unaffected: make_list(\"ge 1.4.19-r2\"), vulnerable: make_list(\"lt 1.4.19-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks"}}], "viewCount": 2, "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2017-07-24T12:50:11", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531", "CVE-2008-1270"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531", "UB:CVE-2008-1270"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1270", "DEBIANCVE:CVE-2008-1531"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}, {"type": "nessus", "idList": ["FEDORA_2008-3376.NASL", "4411.PRM", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL", "SUSE_LIGHTTPD-5107.NASL", "FEDORA_2008-4119.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "GENTOO_GLSA-200804-08.NASL", "DEBIAN_DSA-1521.NASL", "SUSE_LIGHTTPD-5216.NASL", "LIGHTTPD_1_4_19.NASL", "LIGHTTPD_1_4_20.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60834", "OPENVAS:61364", "OPENVAS:860849", "OPENVAS:60573", "OPENVAS:60786", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60793"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1521-1:A2F86", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "fedora", "idList": ["FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "seebug", "idList": ["SSV:3182"]}], "modified": "2017-07-24T12:50:11", "rev": 2}}, "objectVersion": "1.5", "pluginID": "60808", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in lighttpd may lead to information disclosure or\na Denial of Service.\";\ntag_solution = \"All lighttpd users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.19-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200804-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=212930\nhttp://bugs.gentoo.org/show_bug.cgi?id=214892\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200804-08.\";\n\n \n\nif(description)\n{\n script_id(60808);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-1270\", \"CVE-2008-1531\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200804-08 (lighttpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-servers/lighttpd\", unaffected: make_list(\"ge 1.4.19-r2\"), vulnerable: make_list(\"lt 1.4.19-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:860683", "hash": "f8f003e67187c14b44932630fcb9e362", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for lighttpd FEDORA-2008-3343", "description": "Check for the Version of lighttpd", "published": "2009-02-17T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860683", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html", "2008-3343"], "cvelist": ["CVE-2008-1531", "CVE-2008-1111", "CVE-2008-0983"], "lastseen": "2017-07-25T10:56:15", "history": [{"lastseen": "2017-07-02T21:13:52", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"id": "OPENVAS:860683", "hash": "af8d40c6500b9f994f499287b1d2475f1adb00ce16ebe3f986489f718560eaff", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for lighttpd FEDORA-2008-3343", "description": "Check for the Version of lighttpd", "published": "2009-02-17T00:00:00", "modified": "2016-05-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860683", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html", "2008-3343"], "cvelist": ["CVE-2008-1531", "CVE-2008-1111", "CVE-2008-0983"], "lastseen": "2017-07-02T21:13:52", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "pluginID": "860683", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2008-3343\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\n for high-performance environments. It has a very low memory footprint compared\n to other webservers and takes care of cpu-load. Its advanced feature-set\n (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\n it the perfect webserver-software for every server that is suffering load\n problems.\n\n Available rpmbuild rebuild options :\n --with : gamin webdavprops webdavlocks memcache\n --without : ldap gdbm lua (cml)\";\n\ntag_affected = \"lighttpd on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html\");\n script_id(860683);\n script_version(\"$Revision: 3217 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-05-03 15:20:33 +0200 (Tue, 03 May 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-3343\");\n script_cve_id(\"CVE-2008-0983\", \"CVE-2008-1111\", \"CVE-2008-1531\");\n script_name( \"Fedora Update for lighttpd FEDORA-2008-3343\");\n\n script_summary(\"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:fedoraproject:fedora\", \"login/SSH/success\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.19~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}}], "viewCount": 0, "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2017-07-25T10:56:15", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531", "CVE-2008-3343", "CVE-2008-1111", "CVE-2008-0983"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0983", "UB:CVE-2008-1111", "UB:CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531", "DEBIANCVE:CVE-2008-1111", "DEBIANCVE:CVE-2008-0983"]}, {"type": "fedora", "idList": ["FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877", "FEDORA:M26GBUVJ013264", "FEDORA:M26GA81O013031"]}, {"type": "openvas", "idList": ["OPENVAS:61357", "OPENVAS:860293", "OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60513", "OPENVAS:60786", "OPENVAS:860246", "OPENVAS:60499", "OPENVAS:61364", "OPENVAS:60808"]}, {"type": "gentoo", "idList": ["GLSA-200804-08", "GLSA-200803-10"]}, {"type": "nessus", "idList": ["SUSE_LIGHTTPD-5107.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "LIGHTTPD_1_4_19.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "FEDORA_2008-2278.NASL", "4411.PRM", "GENTOO_GLSA-200804-08.NASL", "DEBIAN_DSA-1609.NASL", "4698.PRM", "GENTOO_GLSA-200803-10.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "FEDORA_2008-2262.NASL", "DEBIAN_DSA-1513.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19307", "SECURITYVULNS:DOC:19359", "SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8763", "SECURITYVULNS:VULN:8732", "SECURITYVULNS:VULN:8849"]}, {"type": "seebug", "idList": ["SSV:2987", "SSV:3182"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1513-1:EC932", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1609-1:32609"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}], "modified": "2017-07-25T10:56:15", "rev": 2}}, "objectVersion": "1.5", "pluginID": "860683", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2008-3343\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\n for high-performance environments. It has a very low memory footprint compared\n to other webservers and takes care of cpu-load. Its advanced feature-set\n (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\n it the perfect webserver-software for every server that is suffering load\n problems.\n\n Available rpmbuild rebuild options :\n --with : gamin webdavprops webdavlocks memcache\n --without : ldap gdbm lua (cml)\";\n\ntag_affected = \"lighttpd on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00562.html\");\n script_id(860683);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-3343\");\n script_cve_id(\"CVE-2008-0983\", \"CVE-2008-1111\", \"CVE-2008-1531\");\n script_name( \"Fedora Update for lighttpd FEDORA-2008-3343\");\n\n script_summary(\"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.19~4.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:860849", "hash": "8f3b285ccef876fc130cef2d3069d872", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for lighttpd FEDORA-2008-3376", "description": "Check for the Version of lighttpd", "published": "2009-02-17T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860849", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["2008-3376", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html"], "cvelist": ["CVE-2008-1531", "CVE-2008-1111", "CVE-2008-0983"], "lastseen": "2017-07-25T10:57:17", "history": [{"lastseen": "2017-07-02T21:14:21", "bulletin": {"id": "OPENVAS:860849", "hash": "0fd59644cfd19888d74fda1a8b6b9b5e718b73af4844f73263f2efe8ef2cc681", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for lighttpd FEDORA-2008-3376", "description": "Check for the Version of lighttpd", "published": "2009-02-17T00:00:00", "modified": "2016-05-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860849", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["2008-3376", "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html"], "cvelist": ["CVE-2008-1531", "CVE-2008-1111", "CVE-2008-0983"], "lastseen": "2017-07-02T21:14:21", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "pluginID": "860849", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2008-3376\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\n for high-performance environments. It has a very low memory footprint compared\n to other webservers and takes care of cpu-load. Its advanced feature-set\n (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\n it the perfect webserver-software for every server that is suffering load\n problems.\n\n Available rpmbuild rebuild options :\n --with : gamin webdavprops webdavlocks memcache\n --without : ldap gdbm lua (cml)\";\n\ntag_affected = \"lighttpd on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html\");\n script_id(860849);\n script_version(\"$Revision: 3217 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-05-03 15:20:33 +0200 (Tue, 03 May 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-3376\");\n script_cve_id(\"CVE-2008-0983\", \"CVE-2008-1111\", \"CVE-2008-1531\");\n script_name( \"Fedora Update for lighttpd FEDORA-2008-3376\");\n\n script_summary(\"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:fedoraproject:fedora\", \"login/SSH/success\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.19~4.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "viewCount": 0, "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2017-07-25T10:57:17", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3376", "CVE-2008-1531", "CVE-2008-1111", "CVE-2008-0983"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-0983", "UB:CVE-2008-1111", "UB:CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531", "DEBIANCVE:CVE-2008-1111", "DEBIANCVE:CVE-2008-0983"]}, {"type": "fedora", "idList": ["FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514", "FEDORA:M4HMRUMQ016877", "FEDORA:M26GBUVJ013264", "FEDORA:M26GA81O013031"]}, {"type": "openvas", "idList": ["OPENVAS:61357", "OPENVAS:860293", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:60513", "OPENVAS:60786", "OPENVAS:860246", "OPENVAS:60499", "OPENVAS:61364", "OPENVAS:60808"]}, {"type": "gentoo", "idList": ["GLSA-200804-08", "GLSA-200803-10"]}, {"type": "nessus", "idList": ["SUSE_LIGHTTPD-5107.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "LIGHTTPD_1_4_19.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "FEDORA_2008-2278.NASL", "4411.PRM", "GENTOO_GLSA-200804-08.NASL", "DEBIAN_DSA-1609.NASL", "4698.PRM", "GENTOO_GLSA-200803-10.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "FEDORA_2008-2262.NASL", "DEBIAN_DSA-1513.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "seebug", "idList": ["SSV:2987", "SSV:3182"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19307", "SECURITYVULNS:DOC:19359", "SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8763", "SECURITYVULNS:VULN:8732", "SECURITYVULNS:VULN:8849"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1513-1:EC932", "DEBIAN:DSA-1540-3:02F0A", "DEBIAN:DSA-1609-1:32609"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}], "modified": "2017-07-25T10:57:17", "rev": 2}}, "objectVersion": "1.5", "pluginID": "860849", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2008-3376\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\n for high-performance environments. It has a very low memory footprint compared\n to other webservers and takes care of cpu-load. Its advanced feature-set\n (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\n it the perfect webserver-software for every server that is suffering load\n problems.\n\n Available rpmbuild rebuild options :\n --with : gamin webdavprops webdavlocks memcache\n --without : ldap gdbm lua (cml)\";\n\ntag_affected = \"lighttpd on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00587.html\");\n script_id(860849);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-3376\");\n script_cve_id(\"CVE-2008-0983\", \"CVE-2008-1111\", \"CVE-2008-1531\");\n script_name( \"Fedora Update for lighttpd FEDORA-2008-3376\");\n\n script_summary(\"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.19~4.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}], "debian": [{"id": "DEBIAN:DSA-1540-3:02F0A", "hash": "bd30cf4998cdfe4fcaaf562e40447de6", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 1540-3] New lighttpd packages fix regression", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1540-3 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nJuly 23, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-1531\n\nThis update fixes a regression in lighttpd introduced in DSA-1540,\ncausing SSL failures. For reference the original advisory text is\nquoted below.\n\nIt was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, was didn&#x27;t correctly handle SSL errors. This could allow\na remote attacker to disconnect all active SSL connections.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch10.\n\nWe recommend that you upgrade your lighttpd package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10.diff.gz\n Size/MD5 checksum: 36023 5421eda86388cddf30348ee39c8b2059\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz\n Size/MD5 checksum: 793309 3a64323b8482b0e8a6246dbfdb4c39dc\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10.dsc\n Size/MD5 checksum: 1392 6011ac4224ab8ff0c1c9355f30ab11a9\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch10_all.deb\n Size/MD5 checksum: 100096 416759ae3a223ab799bbc7b264329600\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 319874 0b138412935fb92f57bf968d075a05c1\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 64968 5357d1c9aad4f5f5c03016d708670164\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 65408 03933a616584ab63c0e59e652856b99c\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 60148 8ed6ab0f02706ba339813f160cac356d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 61924 7171b0c3a9542b33a73b38e9b2ac516d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 71890 3d4973ba1c5e8d4938a35f7247e1cdbf\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 70182 7ab5aa294cc9a9949ec81c850dddafee\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 60978 961bc12a093309e50684188b2e948461\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 64116 c745249a7e7e42d0abdd3c7761ffb086\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 59368 aceae8b5e32229cf22de3d3b34344ba9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 297762 f6cf537e673702bc7f801a697368a5bc\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 63822 9345b068868eb6209ec440d58ce86c55\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 286920 d13637f537de06b137194407064ac0a9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 69928 a3f8604454dcdd7c7b8ae9f11302e833\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 61044 773180da5b9fc10d1d9d2dd414249ff5\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 58916 c794ba700e98dacb27bab69f64c9e149\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 63308 5e657e92c3da9916dbbaee9c4a03f018\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 63104 08e2941228b962c26c3a32bf0e86d32a\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 60160 69f1cd388dd12927944a18bc13ac2bfd\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 65266 01e1a4431148a150b7f9d8a7686c00f2\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 62150 0330b4725c3f6d0c3cd75c52d568a555\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 65772 cd104584c07c3a20e476c4ab2bc16031\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 73212 53e4b9752c555a2fd0b415d37f62c3f0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 324330 2d95d0da6c2b87dbf0b985eb1ab8f807\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 285396 caed89abf2b41aa96f854f391eeab7dd\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 64088 8747d075d8b21d458e54cd08fa7e02b1\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 59226 71056ae49ca30f121a53196e801a6909\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 60962 a5f38b66f5375006217d89e7dd0290be\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 63880 f5d9d6d0df4bde78a971363fcd91bd2e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 71204 4b26fd15200ef37037762c2f48d58ca1\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 61422 0c2d54f7b9b8aa11899ef4a3e312690e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 63300 8fbe3eb055b99f3834b2dfb58f7ff070\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 67756 a5c0845befc3de72d9e2289e90384f64\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 77322 091bff45fac447c7bd5288c6cdf56b20\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 67606 b1325f224d1b54eb65f2125e98e82424\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 403688 ae0e8104305b96517d08f5aea77a4606\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 60232 724ec494cc69548b8890880b7d248dba\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 58848 3a6d7d458cb1c949115d3ad12d562138\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 62926 193df4731bdc1ee1073714abe1d29114\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 62800 e4c88318acfbe7f050ea4f1ed4681ebb\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 69510 3f5b26527058dd16c4655c0ecde35512\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 296630 75f466488f83f207f40e6f4f5f46574e\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 61016 abe2b0c52a6296920a2e2fce95349202\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 297784 e8a0ff63ef6a03ac95cf7c40b8e1b430\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 59536 76c9889ec0027e00d9afe83d092d0d83\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 63806 7b2d63f55b325ea9a1412a1c570dd3a3\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 70284 be38504e52300160c540dc6bcd41430e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 63632 9ab20f0ac90dec49e4821bf2e3f2e352\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 65662 914158dc357223cfbcdf4d8dccaa0750\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 324318 ed2ab4940c84fa3d7f1a50f713a4f2a9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 65382 895629ee1afc700d0df7977329708327\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 60898 b93e6ec96fc740ee8d5c41f42cf61775\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 62720 ddfda8e2b596cc362e13374f0b3184c0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 72022 c36a5c17592f362d264da046c86719f4\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 59834 b3b2274d0693571453277e07b007d317\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 307604 efdcb28b7c72dd651fbef3cd29c0b2b0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 64888 5ee5c58eb8137e16d7cc5a5051e1e681\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 61336 97649501fee31f896dbf0a04bc557e67\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 64498 d808433a519c3b935e3377be7fe3200b\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 71628 b3157f215944ad2e823bfe3faa0d1850\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 70228 f5e3eaf4c778339568a0e5a4b50a2c71\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 60764 d994ef00d45e45df2903629946c0b631\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 63660 5b044502ef80613f1cd9a713ac4cf90c\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 284744 a56972a3ea97aa4189ada9abec79a4be\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 59114 db674bf22be34eead049277cc5882d66\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 63682 2b3f4d7c52fe9cc8c9122df0bd46f7c3\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;", "published": "2008-07-23T18:59:43", "modified": "2008-07-23T18:59:43", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://lists.debian.org/debian-security-announce/2008/msg00197.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2021-10-22T01:27:40", "history": [{"bulletin": {"id": "DEBIAN:DSA-1540-3:02F0A", "hash": "2e80ca2a3be236268446e7d9b56e2d09b3f884ee334c62280c4dec4af382947e", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 1540-3] New lighttpd packages fix regression", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1540-3 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nJuly 23, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-1531\n\nThis update fixes a regression in lighttpd introduced in DSA-1540,\ncausing SSL failures. For reference the original advisory text is\nquoted below.\n\nIt was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, was didn&#x27;t correctly handle SSL errors. This could allow\na remote attacker to disconnect all active SSL connections.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch10.\n\nWe recommend that you upgrade your lighttpd package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10.diff.gz\n Size/MD5 checksum: 36023 5421eda86388cddf30348ee39c8b2059\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz\n Size/MD5 checksum: 793309 3a64323b8482b0e8a6246dbfdb4c39dc\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10.dsc\n Size/MD5 checksum: 1392 6011ac4224ab8ff0c1c9355f30ab11a9\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch10_all.deb\n Size/MD5 checksum: 100096 416759ae3a223ab799bbc7b264329600\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 319874 0b138412935fb92f57bf968d075a05c1\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 64968 5357d1c9aad4f5f5c03016d708670164\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 65408 03933a616584ab63c0e59e652856b99c\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 60148 8ed6ab0f02706ba339813f160cac356d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 61924 7171b0c3a9542b33a73b38e9b2ac516d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 71890 3d4973ba1c5e8d4938a35f7247e1cdbf\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 70182 7ab5aa294cc9a9949ec81c850dddafee\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 60978 961bc12a093309e50684188b2e948461\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 64116 c745249a7e7e42d0abdd3c7761ffb086\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 59368 aceae8b5e32229cf22de3d3b34344ba9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 297762 f6cf537e673702bc7f801a697368a5bc\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 63822 9345b068868eb6209ec440d58ce86c55\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 286920 d13637f537de06b137194407064ac0a9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 69928 a3f8604454dcdd7c7b8ae9f11302e833\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 61044 773180da5b9fc10d1d9d2dd414249ff5\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 58916 c794ba700e98dacb27bab69f64c9e149\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 63308 5e657e92c3da9916dbbaee9c4a03f018\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 63104 08e2941228b962c26c3a32bf0e86d32a\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 60160 69f1cd388dd12927944a18bc13ac2bfd\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 65266 01e1a4431148a150b7f9d8a7686c00f2\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 62150 0330b4725c3f6d0c3cd75c52d568a555\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 65772 cd104584c07c3a20e476c4ab2bc16031\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 73212 53e4b9752c555a2fd0b415d37f62c3f0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 324330 2d95d0da6c2b87dbf0b985eb1ab8f807\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 285396 caed89abf2b41aa96f854f391eeab7dd\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 64088 8747d075d8b21d458e54cd08fa7e02b1\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 59226 71056ae49ca30f121a53196e801a6909\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 60962 a5f38b66f5375006217d89e7dd0290be\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 63880 f5d9d6d0df4bde78a971363fcd91bd2e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 71204 4b26fd15200ef37037762c2f48d58ca1\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 61422 0c2d54f7b9b8aa11899ef4a3e312690e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 63300 8fbe3eb055b99f3834b2dfb58f7ff070\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 67756 a5c0845befc3de72d9e2289e90384f64\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 77322 091bff45fac447c7bd5288c6cdf56b20\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 67606 b1325f224d1b54eb65f2125e98e82424\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 403688 ae0e8104305b96517d08f5aea77a4606\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 60232 724ec494cc69548b8890880b7d248dba\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 58848 3a6d7d458cb1c949115d3ad12d562138\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 62926 193df4731bdc1ee1073714abe1d29114\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 62800 e4c88318acfbe7f050ea4f1ed4681ebb\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 69510 3f5b26527058dd16c4655c0ecde35512\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 296630 75f466488f83f207f40e6f4f5f46574e\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 61016 abe2b0c52a6296920a2e2fce95349202\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 297784 e8a0ff63ef6a03ac95cf7c40b8e1b430\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 59536 76c9889ec0027e00d9afe83d092d0d83\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 63806 7b2d63f55b325ea9a1412a1c570dd3a3\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 70284 be38504e52300160c540dc6bcd41430e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 63632 9ab20f0ac90dec49e4821bf2e3f2e352\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 65662 914158dc357223cfbcdf4d8dccaa0750\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 324318 ed2ab4940c84fa3d7f1a50f713a4f2a9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 65382 895629ee1afc700d0df7977329708327\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 60898 b93e6ec96fc740ee8d5c41f42cf61775\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 62720 ddfda8e2b596cc362e13374f0b3184c0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 72022 c36a5c17592f362d264da046c86719f4\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 59834 b3b2274d0693571453277e07b007d317\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 307604 efdcb28b7c72dd651fbef3cd29c0b2b0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 64888 5ee5c58eb8137e16d7cc5a5051e1e681\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 61336 97649501fee31f896dbf0a04bc557e67\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 64498 d808433a519c3b935e3377be7fe3200b\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 71628 b3157f215944ad2e823bfe3faa0d1850\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 70228 f5e3eaf4c778339568a0e5a4b50a2c71\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 60764 d994ef00d45e45df2903629946c0b631\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 63660 5b044502ef80613f1cd9a713ac4cf90c\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 284744 a56972a3ea97aa4189ada9abec79a4be\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 59114 db674bf22be34eead049277cc5882d66\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 63682 2b3f4d7c52fe9cc8c9122df0bd46f7c3\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "published": "2008-07-23T18:59:51", "modified": "2008-07-23T18:59:51", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00197.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2018-10-16T22:13:36", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2018-10-16T22:13:36", "references": [{"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}]}, "score": {"modified": "2018-10-16T22:13:36", "value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_all.deb", "packageName": "lighttpd-mod-trigger-b4-dl", "packageVersion": "1.4.13-4etch10"}, {"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd_1.4.13-4etch10_all.deb", "packageName": "lighttpd", "packageVersion": "1.4.13-4etch10"}, {"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd-mod-mysql-vhost_1.4.13-4etch10_all.deb", "packageName": "lighttpd-mod-mysql-vhost", "packageVersion": "1.4.13-4etch10"}, {"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd-mod-webdav_1.4.13-4etch10_all.deb", "packageName": "lighttpd-mod-webdav", "packageVersion": "1.4.13-4etch10"}, {"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd-mod-cml_1.4.13-4etch10_all.deb", "packageName": "lighttpd-mod-cml", "packageVersion": "1.4.13-4etch10"}, {"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd-doc_1.4.13-4etch10_all.deb", "packageName": "lighttpd-doc", "packageVersion": "1.4.13-4etch10"}, {"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd-mod-magnet_1.4.13-4etch10_all.deb", "packageName": "lighttpd-mod-magnet", "packageVersion": "1.4.13-4etch10"}]}, "lastseen": "2018-10-16T22:13:36", "differentElements": ["cvss"], "edition": 1}, {"bulletin": {"id": "DEBIAN:DSA-1540-3:02F0A", "hash": "d80bf64c6676b60fc8107d9c5bec842dfa14c805e0eefece2c74cc52c486ee3c", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 1540-3] New lighttpd packages fix regression", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1540-3 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nJuly 23, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-1531\n\nThis update fixes a regression in lighttpd introduced in DSA-1540,\ncausing SSL failures. For reference the original advisory text is\nquoted below.\n\nIt was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, was didn&#x27;t correctly handle SSL errors. This could allow\na remote attacker to disconnect all active SSL connections.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch10.\n\nWe recommend that you upgrade your lighttpd package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10.diff.gz\n Size/MD5 checksum: 36023 5421eda86388cddf30348ee39c8b2059\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz\n Size/MD5 checksum: 793309 3a64323b8482b0e8a6246dbfdb4c39dc\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10.dsc\n Size/MD5 checksum: 1392 6011ac4224ab8ff0c1c9355f30ab11a9\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch10_all.deb\n Size/MD5 checksum: 100096 416759ae3a223ab799bbc7b264329600\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 319874 0b138412935fb92f57bf968d075a05c1\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 64968 5357d1c9aad4f5f5c03016d708670164\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 65408 03933a616584ab63c0e59e652856b99c\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 60148 8ed6ab0f02706ba339813f160cac356d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 61924 7171b0c3a9542b33a73b38e9b2ac516d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 71890 3d4973ba1c5e8d4938a35f7247e1cdbf\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 70182 7ab5aa294cc9a9949ec81c850dddafee\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 60978 961bc12a093309e50684188b2e948461\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 64116 c745249a7e7e42d0abdd3c7761ffb086\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 59368 aceae8b5e32229cf22de3d3b34344ba9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 297762 f6cf537e673702bc7f801a697368a5bc\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 63822 9345b068868eb6209ec440d58ce86c55\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 286920 d13637f537de06b137194407064ac0a9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 69928 a3f8604454dcdd7c7b8ae9f11302e833\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 61044 773180da5b9fc10d1d9d2dd414249ff5\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 58916 c794ba700e98dacb27bab69f64c9e149\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 63308 5e657e92c3da9916dbbaee9c4a03f018\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 63104 08e2941228b962c26c3a32bf0e86d32a\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 60160 69f1cd388dd12927944a18bc13ac2bfd\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 65266 01e1a4431148a150b7f9d8a7686c00f2\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 62150 0330b4725c3f6d0c3cd75c52d568a555\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 65772 cd104584c07c3a20e476c4ab2bc16031\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 73212 53e4b9752c555a2fd0b415d37f62c3f0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 324330 2d95d0da6c2b87dbf0b985eb1ab8f807\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 285396 caed89abf2b41aa96f854f391eeab7dd\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 64088 8747d075d8b21d458e54cd08fa7e02b1\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 59226 71056ae49ca30f121a53196e801a6909\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 60962 a5f38b66f5375006217d89e7dd0290be\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 63880 f5d9d6d0df4bde78a971363fcd91bd2e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 71204 4b26fd15200ef37037762c2f48d58ca1\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 61422 0c2d54f7b9b8aa11899ef4a3e312690e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 63300 8fbe3eb055b99f3834b2dfb58f7ff070\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 67756 a5c0845befc3de72d9e2289e90384f64\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 77322 091bff45fac447c7bd5288c6cdf56b20\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 67606 b1325f224d1b54eb65f2125e98e82424\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 403688 ae0e8104305b96517d08f5aea77a4606\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 60232 724ec494cc69548b8890880b7d248dba\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 58848 3a6d7d458cb1c949115d3ad12d562138\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 62926 193df4731bdc1ee1073714abe1d29114\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 62800 e4c88318acfbe7f050ea4f1ed4681ebb\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 69510 3f5b26527058dd16c4655c0ecde35512\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 296630 75f466488f83f207f40e6f4f5f46574e\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 61016 abe2b0c52a6296920a2e2fce95349202\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 297784 e8a0ff63ef6a03ac95cf7c40b8e1b430\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 59536 76c9889ec0027e00d9afe83d092d0d83\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 63806 7b2d63f55b325ea9a1412a1c570dd3a3\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 70284 be38504e52300160c540dc6bcd41430e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 63632 9ab20f0ac90dec49e4821bf2e3f2e352\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 65662 914158dc357223cfbcdf4d8dccaa0750\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 324318 ed2ab4940c84fa3d7f1a50f713a4f2a9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 65382 895629ee1afc700d0df7977329708327\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 60898 b93e6ec96fc740ee8d5c41f42cf61775\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 62720 ddfda8e2b596cc362e13374f0b3184c0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 72022 c36a5c17592f362d264da046c86719f4\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 59834 b3b2274d0693571453277e07b007d317\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 307604 efdcb28b7c72dd651fbef3cd29c0b2b0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 64888 5ee5c58eb8137e16d7cc5a5051e1e681\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 61336 97649501fee31f896dbf0a04bc557e67\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 64498 d808433a519c3b935e3377be7fe3200b\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 71628 b3157f215944ad2e823bfe3faa0d1850\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 70228 f5e3eaf4c778339568a0e5a4b50a2c71\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 60764 d994ef00d45e45df2903629946c0b631\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 63660 5b044502ef80613f1cd9a713ac4cf90c\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 284744 a56972a3ea97aa4189ada9abec79a4be\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 59114 db674bf22be34eead049277cc5882d66\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 63682 2b3f4d7c52fe9cc8c9122df0bd46f7c3\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "published": "2008-07-23T18:59:51", "modified": "2008-07-23T18:59:51", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00197.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2019-05-30T02:23:05", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2019-05-30T02:23:05", "references": [{"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2019-05-30T02:23:05", "rev": 2, "value": 6.9, "vector": "NONE"}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_all.deb", "packageName": "lighttpd-mod-trigger-b4-dl", "packageVersion": "1.4.13-4etch10"}, {"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd_1.4.13-4etch10_all.deb", "packageName": "lighttpd", "packageVersion": "1.4.13-4etch10"}, {"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd-mod-mysql-vhost_1.4.13-4etch10_all.deb", "packageName": "lighttpd-mod-mysql-vhost", "packageVersion": "1.4.13-4etch10"}, {"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd-mod-webdav_1.4.13-4etch10_all.deb", "packageName": "lighttpd-mod-webdav", "packageVersion": "1.4.13-4etch10"}, {"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd-mod-cml_1.4.13-4etch10_all.deb", "packageName": "lighttpd-mod-cml", "packageVersion": "1.4.13-4etch10"}, {"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd-doc_1.4.13-4etch10_all.deb", "packageName": "lighttpd-doc", "packageVersion": "1.4.13-4etch10"}, {"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd-mod-magnet_1.4.13-4etch10_all.deb", "packageName": "lighttpd-mod-magnet", "packageVersion": "1.4.13-4etch10"}]}, "lastseen": "2019-05-30T02:23:05", "differentElements": ["affectedPackage", "cvss2"], "edition": 2}, {"bulletin": {"id": "DEBIAN:DSA-1540-3:02F0A", "hash": "6bae6536251807a5a3b7af2a7ed519f8", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 1540-3] New lighttpd packages fix regression", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1540-3 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nJuly 23, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-1531\n\nThis update fixes a regression in lighttpd introduced in DSA-1540,\ncausing SSL failures. For reference the original advisory text is\nquoted below.\n\nIt was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, was didn&#x27;t correctly handle SSL errors. This could allow\na remote attacker to disconnect all active SSL connections.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch10.\n\nWe recommend that you upgrade your lighttpd package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10.diff.gz\n Size/MD5 checksum: 36023 5421eda86388cddf30348ee39c8b2059\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz\n Size/MD5 checksum: 793309 3a64323b8482b0e8a6246dbfdb4c39dc\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10.dsc\n Size/MD5 checksum: 1392 6011ac4224ab8ff0c1c9355f30ab11a9\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch10_all.deb\n Size/MD5 checksum: 100096 416759ae3a223ab799bbc7b264329600\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 319874 0b138412935fb92f57bf968d075a05c1\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 64968 5357d1c9aad4f5f5c03016d708670164\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 65408 03933a616584ab63c0e59e652856b99c\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 60148 8ed6ab0f02706ba339813f160cac356d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 61924 7171b0c3a9542b33a73b38e9b2ac516d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 71890 3d4973ba1c5e8d4938a35f7247e1cdbf\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 70182 7ab5aa294cc9a9949ec81c850dddafee\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 60978 961bc12a093309e50684188b2e948461\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 64116 c745249a7e7e42d0abdd3c7761ffb086\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 59368 aceae8b5e32229cf22de3d3b34344ba9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 297762 f6cf537e673702bc7f801a697368a5bc\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 63822 9345b068868eb6209ec440d58ce86c55\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 286920 d13637f537de06b137194407064ac0a9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 69928 a3f8604454dcdd7c7b8ae9f11302e833\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 61044 773180da5b9fc10d1d9d2dd414249ff5\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 58916 c794ba700e98dacb27bab69f64c9e149\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 63308 5e657e92c3da9916dbbaee9c4a03f018\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 63104 08e2941228b962c26c3a32bf0e86d32a\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 60160 69f1cd388dd12927944a18bc13ac2bfd\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 65266 01e1a4431148a150b7f9d8a7686c00f2\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 62150 0330b4725c3f6d0c3cd75c52d568a555\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 65772 cd104584c07c3a20e476c4ab2bc16031\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 73212 53e4b9752c555a2fd0b415d37f62c3f0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 324330 2d95d0da6c2b87dbf0b985eb1ab8f807\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 285396 caed89abf2b41aa96f854f391eeab7dd\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 64088 8747d075d8b21d458e54cd08fa7e02b1\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 59226 71056ae49ca30f121a53196e801a6909\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 60962 a5f38b66f5375006217d89e7dd0290be\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 63880 f5d9d6d0df4bde78a971363fcd91bd2e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 71204 4b26fd15200ef37037762c2f48d58ca1\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 61422 0c2d54f7b9b8aa11899ef4a3e312690e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 63300 8fbe3eb055b99f3834b2dfb58f7ff070\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 67756 a5c0845befc3de72d9e2289e90384f64\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 77322 091bff45fac447c7bd5288c6cdf56b20\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 67606 b1325f224d1b54eb65f2125e98e82424\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 403688 ae0e8104305b96517d08f5aea77a4606\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 60232 724ec494cc69548b8890880b7d248dba\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 58848 3a6d7d458cb1c949115d3ad12d562138\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 62926 193df4731bdc1ee1073714abe1d29114\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 62800 e4c88318acfbe7f050ea4f1ed4681ebb\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 69510 3f5b26527058dd16c4655c0ecde35512\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 296630 75f466488f83f207f40e6f4f5f46574e\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 61016 abe2b0c52a6296920a2e2fce95349202\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 297784 e8a0ff63ef6a03ac95cf7c40b8e1b430\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 59536 76c9889ec0027e00d9afe83d092d0d83\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 63806 7b2d63f55b325ea9a1412a1c570dd3a3\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 70284 be38504e52300160c540dc6bcd41430e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 63632 9ab20f0ac90dec49e4821bf2e3f2e352\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 65662 914158dc357223cfbcdf4d8dccaa0750\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 324318 ed2ab4940c84fa3d7f1a50f713a4f2a9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 65382 895629ee1afc700d0df7977329708327\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 60898 b93e6ec96fc740ee8d5c41f42cf61775\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 62720 ddfda8e2b596cc362e13374f0b3184c0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 72022 c36a5c17592f362d264da046c86719f4\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 59834 b3b2274d0693571453277e07b007d317\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 307604 efdcb28b7c72dd651fbef3cd29c0b2b0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 64888 5ee5c58eb8137e16d7cc5a5051e1e681\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 61336 97649501fee31f896dbf0a04bc557e67\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 64498 d808433a519c3b935e3377be7fe3200b\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 71628 b3157f215944ad2e823bfe3faa0d1850\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 70228 f5e3eaf4c778339568a0e5a4b50a2c71\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 60764 d994ef00d45e45df2903629946c0b631\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 63660 5b044502ef80613f1cd9a713ac4cf90c\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 284744 a56972a3ea97aa4189ada9abec79a4be\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 59114 db674bf22be34eead049277cc5882d66\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 63682 2b3f4d7c52fe9cc8c9122df0bd46f7c3\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "published": "2008-07-23T18:59:51", "modified": "2008-07-23T18:59:51", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00197.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-11-11T13:19:06", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19540", "SECURITYVULNS:VULN:8849"]}, {"type": "openvas", "idList": ["OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:60808", "OPENVAS:60786", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:860849"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "nessus", "idList": ["LIGHTTPD_1_4_20.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "GENTOO_GLSA-200804-08.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TL8N73030514", "FEDORA:M3TLCX57031009"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2020-11-11T13:19:06", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2020-11-11T13:19:06", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "4", "arch": "all", "operator": "lt", "packageFilename": "lighttpd_1.4.13-4etch10_all.deb", "packageName": "lighttpd", "packageVersion": "1.4.13-4etch10"}]}, "lastseen": "2020-11-11T13:19:06", "differentElements": ["affectedPackage", "cvss2"], "edition": 3}, {"bulletin": {"id": "DEBIAN:DSA-1540-3:02F0A", "hash": "40d54aa900b634b1dd5a9ca2868621c5630c214987952f05b90f1d0577935718", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 1540-3] New lighttpd packages fix regression", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1540-3 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nJuly 23, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-1531\n\nThis update fixes a regression in lighttpd introduced in DSA-1540,\ncausing SSL failures. For reference the original advisory text is\nquoted below.\n\nIt was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, was didn&#x27;t correctly handle SSL errors. This could allow\na remote attacker to disconnect all active SSL connections.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch10.\n\nWe recommend that you upgrade your lighttpd package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10.diff.gz\n Size/MD5 checksum: 36023 5421eda86388cddf30348ee39c8b2059\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz\n Size/MD5 checksum: 793309 3a64323b8482b0e8a6246dbfdb4c39dc\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10.dsc\n Size/MD5 checksum: 1392 6011ac4224ab8ff0c1c9355f30ab11a9\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch10_all.deb\n Size/MD5 checksum: 100096 416759ae3a223ab799bbc7b264329600\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 319874 0b138412935fb92f57bf968d075a05c1\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 64968 5357d1c9aad4f5f5c03016d708670164\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 65408 03933a616584ab63c0e59e652856b99c\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 60148 8ed6ab0f02706ba339813f160cac356d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 61924 7171b0c3a9542b33a73b38e9b2ac516d\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_alpha.deb\n Size/MD5 checksum: 71890 3d4973ba1c5e8d4938a35f7247e1cdbf\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 70182 7ab5aa294cc9a9949ec81c850dddafee\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 60978 961bc12a093309e50684188b2e948461\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 64116 c745249a7e7e42d0abdd3c7761ffb086\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 59368 aceae8b5e32229cf22de3d3b34344ba9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 297762 f6cf537e673702bc7f801a697368a5bc\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_amd64.deb\n Size/MD5 checksum: 63822 9345b068868eb6209ec440d58ce86c55\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 286920 d13637f537de06b137194407064ac0a9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 69928 a3f8604454dcdd7c7b8ae9f11302e833\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 61044 773180da5b9fc10d1d9d2dd414249ff5\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 58916 c794ba700e98dacb27bab69f64c9e149\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 63308 5e657e92c3da9916dbbaee9c4a03f018\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_arm.deb\n Size/MD5 checksum: 63104 08e2941228b962c26c3a32bf0e86d32a\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 60160 69f1cd388dd12927944a18bc13ac2bfd\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 65266 01e1a4431148a150b7f9d8a7686c00f2\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 62150 0330b4725c3f6d0c3cd75c52d568a555\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 65772 cd104584c07c3a20e476c4ab2bc16031\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 73212 53e4b9752c555a2fd0b415d37f62c3f0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_hppa.deb\n Size/MD5 checksum: 324330 2d95d0da6c2b87dbf0b985eb1ab8f807\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 285396 caed89abf2b41aa96f854f391eeab7dd\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 64088 8747d075d8b21d458e54cd08fa7e02b1\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 59226 71056ae49ca30f121a53196e801a6909\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 60962 a5f38b66f5375006217d89e7dd0290be\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 63880 f5d9d6d0df4bde78a971363fcd91bd2e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_i386.deb\n Size/MD5 checksum: 71204 4b26fd15200ef37037762c2f48d58ca1\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 61422 0c2d54f7b9b8aa11899ef4a3e312690e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 63300 8fbe3eb055b99f3834b2dfb58f7ff070\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 67756 a5c0845befc3de72d9e2289e90384f64\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 77322 091bff45fac447c7bd5288c6cdf56b20\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 67606 b1325f224d1b54eb65f2125e98e82424\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_ia64.deb\n Size/MD5 checksum: 403688 ae0e8104305b96517d08f5aea77a4606\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 60232 724ec494cc69548b8890880b7d248dba\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 58848 3a6d7d458cb1c949115d3ad12d562138\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 62926 193df4731bdc1ee1073714abe1d29114\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 62800 e4c88318acfbe7f050ea4f1ed4681ebb\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 69510 3f5b26527058dd16c4655c0ecde35512\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_mips.deb\n Size/MD5 checksum: 296630 75f466488f83f207f40e6f4f5f46574e\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 61016 abe2b0c52a6296920a2e2fce95349202\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 297784 e8a0ff63ef6a03ac95cf7c40b8e1b430\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 59536 76c9889ec0027e00d9afe83d092d0d83\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 63806 7b2d63f55b325ea9a1412a1c570dd3a3\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 70284 be38504e52300160c540dc6bcd41430e\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_mipsel.deb\n Size/MD5 checksum: 63632 9ab20f0ac90dec49e4821bf2e3f2e352\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 65662 914158dc357223cfbcdf4d8dccaa0750\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 324318 ed2ab4940c84fa3d7f1a50f713a4f2a9\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 65382 895629ee1afc700d0df7977329708327\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 60898 b93e6ec96fc740ee8d5c41f42cf61775\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 62720 ddfda8e2b596cc362e13374f0b3184c0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_powerpc.deb\n Size/MD5 checksum: 72022 c36a5c17592f362d264da046c86719f4\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 59834 b3b2274d0693571453277e07b007d317\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 307604 efdcb28b7c72dd651fbef3cd29c0b2b0\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 64888 5ee5c58eb8137e16d7cc5a5051e1e681\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 61336 97649501fee31f896dbf0a04bc557e67\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 64498 d808433a519c3b935e3377be7fe3200b\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_s390.deb\n Size/MD5 checksum: 71628 b3157f215944ad2e823bfe3faa0d1850\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 70228 f5e3eaf4c778339568a0e5a4b50a2c71\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 60764 d994ef00d45e45df2903629946c0b631\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 63660 5b044502ef80613f1cd9a713ac4cf90c\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 284744 a56972a3ea97aa4189ada9abec79a4be\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 59114 db674bf22be34eead049277cc5882d66\n http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch10_sparc.deb\n Size/MD5 checksum: 63682 2b3f4d7c52fe9cc8c9122df0bd46f7c3\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "published": "2008-07-23T18:59:51", "modified": "2008-07-23T18:59:51", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00197.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2008-1531"], "immutableFields": [], "lastseen": "2020-11-11T13:19:06", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-11-11T13:19:06", "references": [{"idList": ["FEDORA_2008-3376.NASL", "FEDORA_2008-4119.NASL", "SUSE_LIGHTTPD-5216.NASL", "GENTOO_GLSA-200804-08.NASL", "LIGHTTPD_1_4_20.NASL", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "DEBIAN_DSA-1540.NASL"], "type": "nessus"}, {"idList": ["CVE-2008-1531"], "type": "cve"}, {"idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"], "type": "fedora"}, {"idList": ["DEBIAN:DSA-1540-2:C5E42", "DEBIAN:DSA-1540-1:A7A75"], "type": "debian"}, {"idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"], "type": "securityvulns"}, {"idList": ["GLSA-200804-08"], "type": "gentoo"}, {"idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"], "type": "freebsd"}, {"idList": ["UB:CVE-2008-1531"], "type": "ubuntucve"}, {"idList": ["SSV:3182"], "type": "seebug"}, {"idList": ["OPENVAS:60808", "OPENVAS:61364", "OPENVAS:60793", "OPENVAS:860849", "OPENVAS:60786", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:860683"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2020-11-11T13:19:06", "rev": 2, "value": 6.9, "vector": "NONE"}}, "objectVersion": "1.6", "affectedPackage": []}, "lastseen": "2020-11-11T13:19:06", "differentElements": ["affectedPackage", "cvss2", "description", "href", "modified", "published"], "edition": 4}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-1531"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-1531"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-1531"]}, {"type": "openvas", "idList": ["OPENVAS:860849", "OPENVAS:60793", "OPENVAS:860683", "OPENVAS:860205", "OPENVAS:60834", "OPENVAS:61364", "OPENVAS:60786", "OPENVAS:60808"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8849", "SECURITYVULNS:DOC:19540"]}, {"type": "seebug", "idList": ["SSV:3182"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1540.NASL", "FEDORA_2008-4119.NASL", "FEDORA_2008-3376.NASL", "LIGHTTPD_1_4_20.NASL", "GENTOO_GLSA-200804-08.NASL", "4698.PRM", "FREEBSD_PKG_1AC77649090811DD974D000FEA2763CE.NASL", "FEDORA_2008-3343.NASL", "SUSE_LIGHTTPD-5216.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1540-1:A7A75", "DEBIAN:DSA-1540-2:C5E42"]}, {"type": "freebsd", "idList": ["1AC77649-0908-11DD-974D-000FEA2763CE"]}, {"type": "fedora", "idList": ["FEDORA:M4HMRUMQ016877", "FEDORA:M3TLCX57031009", "FEDORA:M3TL8N73030514"]}, {"type": "gentoo", "idList": ["GLSA-200804-08"]}], "modified": "2021-10-22T01:27:40", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-10-22T01:27:40", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"packageVersion": "1.4.13-4etch7", "OS": "Debian", "OSVersion": "4", "packageFilename": "lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_hppa.deb", "operator": "lt", "arch": "hppa", "packageName": "lighttpd-mod-trigger-b4-dl"}, {"packageVersion": "1.4.13-4etch7", "packageFilename": "lighttpd-mod-magnet_1.4.13-4etch7_amd64.deb", "OS": "Debian", "OSVersion": "4", "operator": "lt", "arch": "amd64", "packageName": "lighttpd-mod-magnet"}, {"packageFilename": "lighttpd-doc_1.4.13-4etch7_all.deb", "packageVersion": "1.4.13-4etch7", "arch": "all", "OS": "Debian", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-doc"}, {"packageVersion": "1.4.13-4etch7", "packageFilename": "lighttpd-mod-webdav_1.4.13-4etch7_alpha.deb", "OS": "Debian", "arch": "alpha", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-mod-webdav"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "OSVersion": "4", "packageFilename": "lighttpd_1.4.13-4etch7_amd64.deb", "operator": "lt", "arch": "amd64", "packageName": "lighttpd"}, {"arch": "sparc", "packageVersion": "1.4.13-4etch7", "OS": "Debian", "OSVersion": "4", "packageFilename": "lighttpd_1.4.13-4etch7_sparc.deb", "operator": "lt", "packageName": "lighttpd"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "packageFilename": "lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_amd64.deb", "OSVersion": "4", "operator": "lt", "arch": "amd64", "packageName": "lighttpd-mod-trigger-b4-dl"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "arch": "alpha", "OSVersion": "4", "operator": "lt", "packageFilename": "lighttpd_1.4.13-4etch7_alpha.deb", "packageName": "lighttpd"}, {"packageVersion": "1.4.13-4etch7", "operator": "lt", "OS": "Debian", "packageFilename": "lighttpd-mod-webdav_1.4.13-4etch7_arm.deb", "OSVersion": "4", "arch": "arm", "packageName": "lighttpd-mod-webdav"}, {"packageVersion": "1.4.13-4etch7", "arch": "all", "OS": "Debian", "OSVersion": "4", "packageFilename": "lighttpd_1.4.13-4etch7_all.deb", "operator": "lt", "packageName": "lighttpd"}, {"arch": "sparc", "packageVersion": "1.4.13-4etch7", "packageFilename": "lighttpd-mod-cml_1.4.13-4etch7_sparc.deb", "OS": "Debian", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-mod-cml"}, {"packageVersion": "1.4.13-4etch7", "arch": "powerpc", "OS": "Debian", "OSVersion": "4", "operator": "lt", "packageFilename": "lighttpd-mod-webdav_1.4.13-4etch7_powerpc.deb", "packageName": "lighttpd-mod-webdav"}, {"packageVersion": "1.4.13-4etch7", "operator": "lt", "packageFilename": "lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_arm.deb", "OS": "Debian", "OSVersion": "4", "arch": "arm", "packageName": "lighttpd-mod-trigger-b4-dl"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "arch": "s390", "packageFilename": "lighttpd-mod-cml_1.4.13-4etch7_s390.deb", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-mod-cml"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "packageFilename": "lighttpd_1.4.13-4etch7_hppa.deb", "OSVersion": "4", "operator": "lt", "arch": "hppa", "packageName": "lighttpd"}, {"packageVersion": "1.4.13-4etch7", "packageFilename": "lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_ia64.deb", "OS": "Debian", "arch": "ia64", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-mod-trigger-b4-dl"}, {"packageVersion": "1.4.13-4etch7", "packageFilename": "lighttpd-mod-mysql-vhost_1.4.13-4etch7_i386.deb", "OS": "Debian", "OSVersion": "4", "arch": "i386", "operator": "lt", "packageName": "lighttpd-mod-mysql-vhost"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "arch": "alpha", "OSVersion": "4", "packageFilename": "lighttpd-mod-cml_1.4.13-4etch7_alpha.deb", "operator": "lt", "packageName": "lighttpd-mod-cml"}, {"packageVersion": "1.4.13-4etch7", "packageFilename": "lighttpd-mod-mysql-vhost_1.4.13-4etch7_ia64.deb", "OS": "Debian", "arch": "ia64", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-mod-mysql-vhost"}, {"arch": "sparc", "packageVersion": "1.4.13-4etch7", "OS": "Debian", "packageFilename": "lighttpd-mod-webdav_1.4.13-4etch7_sparc.deb", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-mod-webdav"}, {"packageVersion": "1.4.13-4etch7", "operator": "lt", "OS": "Debian", "OSVersion": "4", "packageFilename": "lighttpd_1.4.13-4etch7_arm.deb", "arch": "arm", "packageName": "lighttpd"}, {"packageVersion": "1.4.13-4etch7", "operator": "lt", "OS": "Debian", "OSVersion": "4", "arch": "arm", "packageFilename": "lighttpd-mod-mysql-vhost_1.4.13-4etch7_arm.deb", "packageName": "lighttpd-mod-mysql-vhost"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "arch": "ia64", "OSVersion": "4", "packageFilename": "lighttpd-mod-cml_1.4.13-4etch7_ia64.deb", "operator": "lt", "packageName": "lighttpd-mod-cml"}, {"packageVersion": "1.4.13-4etch7", "arch": "powerpc", "OS": "Debian", "OSVersion": "4", "packageFilename": "lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_powerpc.deb", "operator": "lt", "packageName": "lighttpd-mod-trigger-b4-dl"}, {"packageVersion": "1.4.13-4etch7", "packageFilename": "lighttpd-mod-cml_1.4.13-4etch7_amd64.deb", "OS": "Debian", "OSVersion": "4", "operator": "lt", "arch": "amd64", "packageName": "lighttpd-mod-cml"}, {"packageFilename": "lighttpd-mod-magnet_1.4.13-4etch7_powerpc.deb", "packageVersion": "1.4.13-4etch7", "arch": "powerpc", "OS": "Debian", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-mod-magnet"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "OSVersion": "4", "operator": "lt", "arch": "hppa", "packageFilename": "lighttpd-mod-cml_1.4.13-4etch7_hppa.deb", "packageName": "lighttpd-mod-cml"}, {"packageVersion": "1.4.13-4etch7", "operator": "lt", "packageFilename": "lighttpd-mod-magnet_1.4.13-4etch7_arm.deb", "OS": "Debian", "OSVersion": "4", "arch": "arm", "packageName": "lighttpd-mod-magnet"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "arch": "ia64", "OSVersion": "4", "packageFilename": "lighttpd-mod-magnet_1.4.13-4etch7_ia64.deb", "operator": "lt", "packageName": "lighttpd-mod-magnet"}, {"packageVersion": "1.4.13-4etch7", "packageFilename": "lighttpd-mod-cml_1.4.13-4etch7_powerpc.deb", "arch": "powerpc", "OS": "Debian", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-mod-cml"}, {"packageVersion": "1.4.13-4etch7", "operator": "lt", "OS": "Debian", "packageFilename": "lighttpd-mod-cml_1.4.13-4etch7_arm.deb", "OSVersion": "4", "arch": "arm", "packageName": "lighttpd-mod-cml"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "packageFilename": "lighttpd-mod-mysql-vhost_1.4.13-4etch7_hppa.deb", "OSVersion": "4", "operator": "lt", "arch": "hppa", "packageName": "lighttpd-mod-mysql-vhost"}, {"arch": "sparc", "packageVersion": "1.4.13-4etch7", "OS": "Debian", "packageFilename": "lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_sparc.deb", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-mod-trigger-b4-dl"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "OSVersion": "4", "packageFilename": "lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_i386.deb", "arch": "i386", "operator": "lt", "packageName": "lighttpd-mod-trigger-b4-dl"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "arch": "ia64", "packageFilename": "lighttpd-mod-webdav_1.4.13-4etch7_ia64.deb", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-mod-webdav"}, {"packageVersion": "1.4.13-4etch7", "packageFilename": "lighttpd-mod-magnet_1.4.13-4etch7_s390.deb", "OS": "Debian", "arch": "s390", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-mod-magnet"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "OSVersion": "4", "arch": "mips", "operator": "lt", "packageFilename": "lighttpd-mod-cml_1.4.13-4etch7_mips.deb", "packageName": "lighttpd-mod-cml"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "arch": "s390", "packageFilename": "lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_s390.deb", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-mod-trigger-b4-dl"}, {"packageFilename": "lighttpd_1.4.13-4etch7_powerpc.deb", "packageVersion": "1.4.13-4etch7", "arch": "powerpc", "OS": "Debian", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "packageFilename": "lighttpd-mod-mysql-vhost_1.4.13-4etch7_mips.deb", "OSVersion": "4", "operator": "lt", "arch": "mips", "packageName": "lighttpd-mod-mysql-vhost"}, {"arch": "sparc", "packageVersion": "1.4.13-4etch7", "packageFilename": "lighttpd-mod-magnet_1.4.13-4etch7_sparc.deb", "OS": "Debian", "OSVersion": "4", "operator": "lt", "packageName": "lighttpd-mod-magnet"}, {"packageVersion": "1.4.13-4etch7", "operator": "lt", "OS": "Debian", "OSVersion": "4", "arch": "i386", "packageFilename": "lighttpd-mod-magnet_1.4.13-4etch7_i386.deb", "packageName": "lighttpd-mod-magnet"}, {"packageVersion": "1.4.13-4etch7", "packageFilename": "lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_mips.deb", "OS": "Debian", "OSVersion": "4", "operator": "lt", "arch": "mips", "packageName": "lighttpd-mod-trigger-b4-dl"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "OSVersion": "4", "packageFilename": "lighttpd-mod-magnet_1.4.13-4etch7_mips.deb", "operator": "lt", "arch": "mips", "packageName": "lighttpd-mod-magnet"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "OSVersion": "4", "arch": "i386", "operator": "lt", "packageFilename": "lighttpd-mod-cml_1.4.13-4etch7_i386.deb", "packageName": "lighttpd-mod-cml"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "arch": "alpha", "OSVersion": "4", "packageFilename": "lighttpd-mod-mysql-vhost_1.4.13-4etch7_alpha.deb", "operator": "lt", "packageName": "lighttpd-mod-mysql-vhost"}, {"packageVersion": "1.4.13-4etch7", "OS": "Debian", "arch": "alpha", "OSVersion": "4", "packa