Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:24275
HistoryDec 01, 2011 - 12:00 a.m.

lighttpd mod_auth模块base64 拒绝服务漏洞

2011-12-0100:00:00
Root
www.seebug.org
82

0.026 Low

EPSS

Percentile

89.1%

JSON

CVE-2011-4362

Lighttpd是一款轻型的开放源码Web Server软件包。

lighttpd在认证数据的解码实现上存在漏洞,攻击者可能利用此漏洞使应用程序崩溃造成拒绝服务。

http_auth.c中的代码在base64解码用户输入的认证数据时使用"const char *in"类型,并将每个字符转换为"int ch"作为映射表的索引,大于0x80的字符就会导致负索引,可能造成非法内存访问。

lighttpd <=1.4.29
厂商补丁:

LightTPD

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.lighttpd.net/


                                                ---
static const short base64_reverse_table[256] = ...;
static unsigned char * base64_decode(buffer *out, const char *in) {
    ...
    int ch, ...;
    size_t i;
    ...
    
        ch = in[i];
        ...
        ch = base64_reverse_table[ch];
    ...
}
---

Related

seebug 3
openvas 10
ubuntucve 1
exploitpack 1
freebsd 1
debiancve 1
fedora 2
nessus 10
securityvulns 3
cve 1
amazon 1
prion 1
exploitdb 1
osv 1
debian 2
gentoo 1
ibm 1
jvn 1
seebug
seebug
Lighttpd Proof of Concept code for CVE-2011-4362
2012-01-02 00:00:00
Lighttpd 1.4.30 / 1.5 Denial Of Service
2011-12-27 00:00:00
lighttpd Denial of Service Vulnerability PoC
2014-07-01 00:00:00
openvas
openvas
FreeBSD Ports: lighttpd
2012-02-13 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-107)
2015-09-08 00:00:00
FreeBSD Ports: lighttpd
2012-02-13 00:00:00
ubuntucve
ubuntucve
CVE-2011-4362
2011-12-24 00:00:00
exploitpack
exploitpack
lighttpd - Denial of Service (PoC)
2011-12-31 00:00:00
freebsd
freebsd
lighttpd -- remote DoS in HTTP authentication
2011-11-29 00:00:00
debiancve
debiancve
CVE-2011-4362
2011-12-24 19:55:00
fedora
fedora
[SECURITY] Fedora 17 Update: lighttpd-1.4.31-1.fc17
2012-06-26 00:44:26
[SECURITY] Fedora 16 Update: lighttpd-1.4.31-1.fc16
2012-06-26 00:31:28
nessus
nessus
Amazon Linux AMI : lighttpd (ALAS-2012-107)
2013-09-04 00:00:00
Fedora 17 : lighttpd-1.4.31-1.fc17 (2012-9040)
2012-06-26 00:00:00
lighttpd < 1.4.30 base64_decode Function Out-of-Bounds Read Error DoS
2011-12-28 00:00:00
securityvulns
securityvulns
Lighttpd Proof of Concept code for CVE-2011-4362
2012-01-02 00:00:00
lighthttpd security vulnerabilities
2012-01-02 00:00:00
[SECURITY] [DSA 2368-1] lighttpd security update
2011-12-26 00:00:00
cve
cve
CVE-2011-4362
2011-12-24 19:55:00
amazon
amazon
Medium: lighttpd
2012-07-09 14:20:00
prion
prion
Integer overflow
2011-12-24 19:55:00
exploitdb
exploitdb
lighttpd - Denial of Service (PoC)
2011-12-31 00:00:00
osv
osv
lighttpd - several
2011-12-20 00:00:00
debian
debian
[SECURITY] [DSA 2368-1] lighttpd security update
2011-12-21 00:24:51
[SECURITY] [DSA 2381-] lighttpd security update
2011-12-21 00:02:46
gentoo
gentoo
lighttpd: Multiple vulnerabilities
2014-06-13 00:00:00
ibm
ibm
Security Bulletin: IBM System x Integrated Management Module (IMM) Lighttpd W (CVE-2011-4362, CVE-2010-0295, CVE-2008-4360, CVE-2008-4359, CVE-20084298, CVE-2008-1531)
2019-01-30 08:20:01
jvn
jvn
JVN#37417423: Multiple vulnerabilities in SolarView Compact
2021-02-19 00:00:00

0.026 Low

EPSS

Percentile

89.1%

JSON
Related for SSV:24275
seebug3openvas10ubuntucve1exploitpack1freebsd1debiancve1fedora2nessus10securityvulns3cve1amazon1prion1exploitdb1osv1debian2gentoo1ibm1jvn1