ID OPENSUSE-SU-2014:0496-1 Type suse Reporter Suse Modified 2014-04-08T21:06:06
Description
lighttpd was updated to version 1.4.35, fixing bugs and
security issues:
CVE-2014-2323: SQL injection vulnerability in
mod_mysql_vhost.c in lighttpd allowed remote attackers to
execute arbitrary SQL commands via the host name, related
to request_check_hostname.
CVE-2014-2323: Multiple directory traversal vulnerabilities
in (1) mod_evhost and (2) mod_simple_vhost in lighttpd
allowed remote attackers to read arbitrary files via a ..
(dot dot) in the host name, related to
request_check_hostname.
More information can be found on the lighttpd advisory
page:
<a rel="nofollow" href="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2">http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2</a>
014_01.txt
Other changes:
* [network/ssl] fix build error if TLSEXT is disabled
* [mod_fastcgi] fix use after free (only triggered if
fastcgi debug is active)
* [mod_rrdtool] fix invalid read (string not null
terminated)
* [mod_dirlisting] fix memory leak if pcre fails
* [mod_fastcgi,mod_scgi] fix resource leaks on spawning
backends
* [mod_magnet] fix memory leak
* add comments for switch fall throughs
* remove logical dead code
* [buffer] fix length check in buffer_is_equal_right_len
* fix resource leaks in error cases on config parsing and
other initializations
* add force_assert() to enforce assertions as simple
assert()s are disabled by -DNDEBUG (fixes #2546)
* [mod_cml_lua] fix null pointer dereference
* force assertion: setting FD_CLOEXEC must work (if
available)
* [network] check return value of lseek()
* fix unchecked return values from
stream_open/stat_cache_get_entry
* [mod_webdav] fix logic error in handling file creation
error
* check length of unix domain socket filenames
* fix SQL injection / host name validation (thx Jann
Horn)for all the changes see
/usr/share/doc/packages/lighttpd/NEWS
{"cve": [{"lastseen": "2021-02-27T13:50:23", "description": "SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2014-03-14T15:55:00", "title": "CVE-2014-2323", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2323"], "modified": "2021-02-26T23:50:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:suse:linux_enterprise_software_development_kit:11", "cpe:/o:suse:linux_enterprise_high_availability_extension:11", "cpe:/o:opensuse:opensuse:11.4", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:opensuse:opensuse:12.3"], "id": "CVE-2014-2323", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-25T14:08:06", "description": "Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.", "edition": 8, "cvss3": {}, "published": "2014-03-14T15:55:00", "title": "CVE-2014-2324", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2324"], "modified": "2021-02-24T20:06:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:suse:linux_enterprise_software_development_kit:11", "cpe:/o:suse:linux_enterprise_high_availability_extension:11", "cpe:/o:opensuse:opensuse:11.4", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:opensuse:opensuse:12.3"], "id": "CVE-2014-2324", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-25T10:49:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "Check for the Version of lighttpd", "modified": "2017-07-10T00:00:00", "published": "2014-04-03T00:00:00", "id": "OPENVAS:867636", "href": "http://plugins.openvas.org/nasl.php?oid=867636", "type": "openvas", "title": "Fedora Update for lighttpd FEDORA-2014-3887", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2014-3887\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867636);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 09:13:23 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for lighttpd FEDORA-2014-3887\");\n\n tag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\nfor high-performance environments. It has a very low memory footprint compared\nto other webservers and takes care of cpu-load. Its advanced feature-set\n(FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\nit the perfect webserver-software for every server that is suffering load\nproblems.\n\";\n\n tag_affected = \"lighttpd on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3887\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130542.html\");\n script_summary(\"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.35~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-31T18:39:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2014-04-03T00:00:00", "id": "OPENVAS:1361412562310850579", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850579", "type": "openvas", "title": "openSUSE: Security Advisory for lighttpd (openSUSE-SU-2014:0449-1)", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850579\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 12:52:28 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"openSUSE: Security Advisory for lighttpd (openSUSE-SU-2014:0449-1)\");\n\n script_tag(name:\"affected\", value:\"lighttpd on openSUSE 13.1, openSUSE 12.3\");\n\n script_tag(name:\"insight\", value:\"lighttpd was updated to version 1.4.35, fixing bugs and\n security issues:\n\n CVE-2014-2323: SQL injection vulnerability in\n mod_mysql_vhost.c in lighttpd allowed remote attackers to\n execute arbitrary SQL commands via the host name, related\n to request_check_hostname.\n\n CVE-2014-2323: Multiple directory traversal vulnerabilities\n in (1) mod_evhost and (2) mod_simple_vhost in lighttpd\n allowed remote attackers to read arbitrary files via a ..\n (dot dot) in the host name, related to\n request_check_hostname.\n\n More information can be found on the referenced lighttpd advisory page.\n\n Other changes:\n\n * [network/ssl] fix build error if TLSEXT is disabled\n\n * [mod_fastcgi] fix use after free (only triggered if\n fastcgi debug is active)\n\n * [mod_rrdtool] fix invalid read (string not null\n terminated)\n\n * [mod_dirlisting] fix memory leak if pcre fails\n\n * [mod_fastcgi, mod_scgi] fix resource leaks on spawning\n backends\n\n * [mod_magnet] fix memory leak\n\n * add comments for switch fall throughs\n\n * remove logical dead code\n\n * [buffer] fix length check in buffer_is_equal_right_len\n\n * fix resource leaks in error cases on config parsing and\n other initializations\n\n * add force_assert() to enforce assertions as simple\n assert()s are disabled by -DNDEBUG (fixes #2546)\n\n * [mod_cml_lua] fix null pointer dereference\n\n * force assertion: setting FD_CLOEXEC must work (if\n available)\n\n * [network] check return value of lseek()\n\n * fix unchecked return values from\n stream_open/stat_cache_get_entry\n\n * [mod_webdav] fix logic error in handling file creation\n error\n\n * check length of unix domain socket filenames\n\n * fix SQL injection / host name validation (thx Jann Horn)\n for all the changes see\n /usr/share/doc/packages/lighttpd/NEWS\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0449-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lighttpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE12\\.3|openSUSE13\\.1)\");\n\n script_xref(name:\"URL\", value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-debuginfo\", rpm:\"lighttpd-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-debugsource\", rpm:\"lighttpd-debugsource~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_cml\", rpm:\"lighttpd-mod_cml~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_cml-debuginfo\", rpm:\"lighttpd-mod_cml-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_geoip\", rpm:\"lighttpd-mod_geoip~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_geoip-debuginfo\", rpm:\"lighttpd-mod_geoip-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_magnet\", rpm:\"lighttpd-mod_magnet~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_magnet-debuginfo\", rpm:\"lighttpd-mod_magnet-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost\", rpm:\"lighttpd-mod_mysql_vhost~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost-debuginfo\", rpm:\"lighttpd-mod_mysql_vhost-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_rrdtool\", rpm:\"lighttpd-mod_rrdtool~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_rrdtool-debuginfo\", rpm:\"lighttpd-mod_rrdtool-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_trigger_b4_dl\", rpm:\"lighttpd-mod_trigger_b4_dl~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_trigger_b4_dl-debuginfo\", rpm:\"lighttpd-mod_trigger_b4_dl-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_webdav\", rpm:\"lighttpd-mod_webdav~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_webdav-debuginfo\", rpm:\"lighttpd-mod_webdav-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-debuginfo\", rpm:\"lighttpd-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-debugsource\", rpm:\"lighttpd-debugsource~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_cml\", rpm:\"lighttpd-mod_cml~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_cml-debuginfo\", rpm:\"lighttpd-mod_cml-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_geoip\", rpm:\"lighttpd-mod_geoip~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_geoip-debuginfo\", rpm:\"lighttpd-mod_geoip-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_magnet\", rpm:\"lighttpd-mod_magnet~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_magnet-debuginfo\", rpm:\"lighttpd-mod_magnet-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost\", rpm:\"lighttpd-mod_mysql_vhost~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost-debuginfo\", rpm:\"lighttpd-mod_mysql_vhost-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_rrdtool\", rpm:\"lighttpd-mod_rrdtool~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_rrdtool-debuginfo\", rpm:\"lighttpd-mod_rrdtool-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_trigger_b4_dl\", rpm:\"lighttpd-mod_trigger_b4_dl~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_trigger_b4_dl-debuginfo\", rpm:\"lighttpd-mod_trigger_b4_dl-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_webdav\", rpm:\"lighttpd-mod_webdav~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_webdav-debuginfo\", rpm:\"lighttpd-mod_webdav-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:01:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120471", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120471", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-346)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120471\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:27:11 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-346)\");\n script_tag(name:\"insight\", value:\"Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.\");\n script_tag(name:\"solution\", value:\"Run yum update lighttpd to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-346.html\");\n script_cve_id(\"CVE-2014-2324\", \"CVE-2014-2323\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_geoip\", rpm:\"lighttpd-mod_geoip~1.4.35~1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-fastcgi\", rpm:\"lighttpd-fastcgi~1.4.35~1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.35~1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-debuginfo\", rpm:\"lighttpd-debuginfo~1.4.35~1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost\", rpm:\"lighttpd-mod_mysql_vhost~1.4.35~1.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "Several vulnerabilities were discovered in the lighttpd web server.\n\nCVE-2014-2323\nJann Horn discovered that specially crafted host names can be used\nto inject arbitrary MySQL queries in lighttpd servers using the\nMySQL virtual hosting module (mod_mysql_vhost).\n\nThis only affects installations with the lighttpd-mod-mysql-vhost\nbinary package installed and in use.\n\nCVE-2014-2324\nJann Horn discovered that specially crafted host names can be used\nto traverse outside of the document root under certain situations\nin lighttpd servers using either the mod_mysql_vhost, mod_evhost,\nor mod_simple_vhost virtual hosting modules.\n\nServers not using these modules are not affected.", "modified": "2019-03-19T00:00:00", "published": "2014-03-12T00:00:00", "id": "OPENVAS:1361412562310702877", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702877", "type": "openvas", "title": "Debian Security Advisory DSA 2877-1 (lighttpd - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2877.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2877-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702877\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_name(\"Debian Security Advisory DSA 2877-1 (lighttpd - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 00:00:00 +0100 (Wed, 12 Mar 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2877.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"lighttpd on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.6.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u3.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.4.33-1+nmu3.\n\nWe recommend that you upgrade your lighttpd packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in the lighttpd web server.\n\nCVE-2014-2323\nJann Horn discovered that specially crafted host names can be used\nto inject arbitrary MySQL queries in lighttpd servers using the\nMySQL virtual hosting module (mod_mysql_vhost).\n\nThis only affects installations with the lighttpd-mod-mysql-vhost\nbinary package installed and in use.\n\nCVE-2014-2324\nJann Horn discovered that specially crafted host names can be used\nto traverse outside of the document root under certain situations\nin lighttpd servers using either the mod_mysql_vhost, mod_evhost,\nor mod_simple_vhost virtual hosting modules.\n\nServers not using these modules are not affected.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-04-03T00:00:00", "id": "OPENVAS:1361412562310867636", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867636", "type": "openvas", "title": "Fedora Update for lighttpd FEDORA-2014-3887", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2014-3887\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867636\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 09:13:23 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for lighttpd FEDORA-2014-3887\");\n script_tag(name:\"affected\", value:\"lighttpd on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-3887\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130542.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lighttpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.35~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-12T11:10:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "Check for the Version of lighttpd", "modified": "2017-12-08T00:00:00", "published": "2014-04-03T00:00:00", "id": "OPENVAS:850579", "href": "http://plugins.openvas.org/nasl.php?oid=850579", "type": "openvas", "title": "SuSE Update for lighttpd openSUSE-SU-2014:0449-1 (lighttpd)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0449_1.nasl 8044 2017-12-08 08:32:49Z santu $\n#\n# SuSE Update for lighttpd openSUSE-SU-2014:0449-1 (lighttpd)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850579);\n script_version(\"$Revision: 8044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:32:49 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 12:52:28 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SuSE Update for lighttpd openSUSE-SU-2014:0449-1 (lighttpd)\");\n\n tag_insight = \"\n lighttpd was updated to version 1.4.35, fixing bugs and\n security issues:\n\n CVE-2014-2323: SQL injection vulnerability in\n mod_mysql_vhost.c in lighttpd allowed remote attackers to\n execute arbitrary SQL commands via the host name, related\n to request_check_hostname.\n\n CVE-2014-2323: Multiple directory traversal vulnerabilities\n in (1) mod_evhost and (2) mod_simple_vhost in lighttpd\n allowed remote attackers to read arbitrary files via a ..\n (dot dot) in the host name, related to\n request_check_hostname.\n\n More information can be found on the lighttpd advisory\n page:\n <a rel='nofollow' href='http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2'>http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2\n 014_01.txt\n\n Other changes:\n * [network/ssl] fix build error if TLSEXT is disabled\n * [mod_fastcgi] fix use after free (only triggered if\n fastcgi debug is active)\n * [mod_rrdtool] fix invalid read (string not null\n terminated)\n * [mod_dirlisting] fix memory leak if pcre fails\n * [mod_fastcgi,mod_scgi] fix resource leaks on spawning\n backends\n * [mod_magnet] fix memory leak\n * add comments for switch fall throughs\n * remove logical dead code\n * [buffer] fix length check in buffer_is_equal_right_len\n * fix resource leaks in error cases on config parsing and\n other initializations\n * add force_assert() to enforce assertions as simple\n assert()s are disabled by -DNDEBUG (fixes #2546)\n * [mod_cml_lua] fix null pointer dereference\n * force assertion: setting FD_CLOEXEC must work (if\n available)\n * [network] check return value of lseek()\n * fix unchecked return values from\n stream_open/stat_cache_get_entry\n * [mod_webdav] fix logic error in handling file creation\n error\n * check length of unix domain socket filenames\n * fix SQL injection / host name validation (thx Jann Horn)\n for all the changes see\n /usr/share/doc/packages/lighttpd/NEWS\";\n\n tag_affected = \"lighttpd on openSUSE 13.1, openSUSE 12.3\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: \"2014:0449_1\");\n script_summary(\"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-debuginfo\", rpm:\"lighttpd-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-debugsource\", rpm:\"lighttpd-debugsource~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_cml\", rpm:\"lighttpd-mod_cml~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_cml-debuginfo\", rpm:\"lighttpd-mod_cml-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_geoip\", rpm:\"lighttpd-mod_geoip~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_geoip-debuginfo\", rpm:\"lighttpd-mod_geoip-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_magnet\", rpm:\"lighttpd-mod_magnet~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_magnet-debuginfo\", rpm:\"lighttpd-mod_magnet-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost\", rpm:\"lighttpd-mod_mysql_vhost~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost-debuginfo\", rpm:\"lighttpd-mod_mysql_vhost-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_rrdtool\", rpm:\"lighttpd-mod_rrdtool~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_rrdtool-debuginfo\", rpm:\"lighttpd-mod_rrdtool-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_trigger_b4_dl\", rpm:\"lighttpd-mod_trigger_b4_dl~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_trigger_b4_dl-debuginfo\", rpm:\"lighttpd-mod_trigger_b4_dl-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_webdav\", rpm:\"lighttpd-mod_webdav~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_webdav-debuginfo\", rpm:\"lighttpd-mod_webdav-debuginfo~1.4.35~6.9.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE13.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-debuginfo\", rpm:\"lighttpd-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-debugsource\", rpm:\"lighttpd-debugsource~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_cml\", rpm:\"lighttpd-mod_cml~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_cml-debuginfo\", rpm:\"lighttpd-mod_cml-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_geoip\", rpm:\"lighttpd-mod_geoip~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_geoip-debuginfo\", rpm:\"lighttpd-mod_geoip-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_magnet\", rpm:\"lighttpd-mod_magnet~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_magnet-debuginfo\", rpm:\"lighttpd-mod_magnet-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost\", rpm:\"lighttpd-mod_mysql_vhost~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost-debuginfo\", rpm:\"lighttpd-mod_mysql_vhost-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_rrdtool\", rpm:\"lighttpd-mod_rrdtool~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_rrdtool-debuginfo\", rpm:\"lighttpd-mod_rrdtool-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_trigger_b4_dl\", rpm:\"lighttpd-mod_trigger_b4_dl~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_trigger_b4_dl-debuginfo\", rpm:\"lighttpd-mod_trigger_b4_dl-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_webdav\", rpm:\"lighttpd-mod_webdav~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lighttpd-mod_webdav-debuginfo\", rpm:\"lighttpd-mod_webdav-debuginfo~1.4.35~2.9.1\", rls:\"openSUSE13.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-31T18:39:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2014-04-10T00:00:00", "id": "OPENVAS:1361412562310850583", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850583", "type": "openvas", "title": "openSUSE: Security Advisory for lighttpd (openSUSE-SU-2014:0496-1)", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850583\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-10 13:36:04 +0530 (Thu, 10 Apr 2014)\");\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"openSUSE: Security Advisory for lighttpd (openSUSE-SU-2014:0496-1)\");\n\n script_tag(name:\"affected\", value:\"lighttpd on openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"lighttpd was updated to version 1.4.35, fixing bugs and\n security issues:\n\n CVE-2014-2323: SQL injection vulnerability in\n mod_mysql_vhost.c in lighttpd allowed remote attackers to\n execute arbitrary SQL commands via the host name, related\n to request_check_hostname.\n\n CVE-2014-2323: Multiple directory traversal vulnerabilities\n in (1) mod_evhost and (2) mod_simple_vhost in lighttpd\n allowed remote attackers to read arbitrary files via a ..\n (dot dot) in the host name, related to\n request_check_hostname.\n\n More information can be found on the referenced lighttpd advisory\n page.\n\n Other changes:\n\n * [network/ssl] fix build error if TLSEXT is disabled\n\n * [mod_fastcgi] fix use after free (only triggered if\n fastcgi debug is active)\n\n * [mod_rrdtool] fix invalid read (string not null\n terminated)\n\n * [mod_dirlisting] fix memory leak if pcre fails\n\n * [mod_fastcgi, mod_scgi] fix resource leaks on spawning\n backends\n\n * [mod_magnet] fix memory leak\n\n * add comments for switch fall throughs\n\n * remove logical dead code\n\n * [buffer] fix length check in buffer_is_equal_right_len\n\n * fix resource leaks in error cases on config parsing and\n other initializations\n\n * add force_assert() to enforce assertions as simple\n assert()s are disabled by -DNDEBUG (fixes #2546)\n\n * [mod_cml_lua] fix null pointer dereference\n\n * force assertion: setting FD_CLOEXEC must work (if\n available)\n\n * [network] check return value of lseek()\n\n * fix unchecked return values from\n stream_open/stat_cache_get_entry\n\n * [mod_webdav] fix logic error in handling file creation\n error\n\n * check length of unix domain socket filenames\n\n * fix SQL injection / host name validation (thx Jann\n Horn)for all the changes see\n /usr/share/doc/packages/lighttpd/NEWS\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0496-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lighttpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n script_xref(name:\"URL\", value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-debuginfo\", rpm:\"lighttpd-debuginfo~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-debugsource\", rpm:\"lighttpd-debugsource~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_cml\", rpm:\"lighttpd-mod_cml~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_cml-debuginfo\", rpm:\"lighttpd-mod_cml-debuginfo~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_geoip\", rpm:\"lighttpd-mod_geoip~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_geoip-debuginfo\", rpm:\"lighttpd-mod_geoip-debuginfo~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_magnet\", rpm:\"lighttpd-mod_magnet~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_magnet-debuginfo\", rpm:\"lighttpd-mod_magnet-debuginfo~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost\", rpm:\"lighttpd-mod_mysql_vhost~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost-debuginfo\", rpm:\"lighttpd-mod_mysql_vhost-debuginfo~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_rrdtool\", rpm:\"lighttpd-mod_rrdtool~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_rrdtool-debuginfo\", rpm:\"lighttpd-mod_rrdtool-debuginfo~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_trigger_b4_dl\", rpm:\"lighttpd-mod_trigger_b4_dl~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_trigger_b4_dl-debuginfo\", rpm:\"lighttpd-mod_trigger_b4_dl-debuginfo~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_webdav\", rpm:\"lighttpd-mod_webdav~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_webdav-debuginfo\", rpm:\"lighttpd-mod_webdav-debuginfo~1.4.35~41.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-04-03T00:00:00", "id": "OPENVAS:1361412562310867639", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867639", "type": "openvas", "title": "Fedora Update for lighttpd FEDORA-2014-3947", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2014-3947\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867639\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-03 09:35:56 +0530 (Thu, 03 Apr 2014)\");\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for lighttpd FEDORA-2014-3947\");\n script_tag(name:\"affected\", value:\"lighttpd on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-3947\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130538.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lighttpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.35~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-08-02T10:48:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "Several vulnerabilities were discovered in the lighttpd web server.\n\nCVE-2014-2323 \nJann Horn discovered that specially crafted host names can be used\nto inject arbitrary MySQL queries in lighttpd servers using the\nMySQL virtual hosting module (mod_mysql_vhost).\n\nThis only affects installations with the lighttpd-mod-mysql-vhost\nbinary package installed and in use.\n\nCVE-2014-2324 \nJann Horn discovered that specially crafted host names can be used\nto traverse outside of the document root under certain situations\nin lighttpd servers using either the mod_mysql_vhost, mod_evhost,\nor mod_simple_vhost virtual hosting modules.\n\nServers not using these modules are not affected.", "modified": "2017-07-18T00:00:00", "published": "2014-03-12T00:00:00", "id": "OPENVAS:702877", "href": "http://plugins.openvas.org/nasl.php?oid=702877", "type": "openvas", "title": "Debian Security Advisory DSA 2877-1 (lighttpd - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2877.nasl 6750 2017-07-18 09:56:47Z teissa $\n# Auto-generated from advisory DSA 2877-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"lighttpd on Debian Linux\";\ntag_insight = \"lighttpd is a small webserver and fast webserver developed with\nsecurity in mind and a lot of features.\nIt has support for\n\n* CGI, FastCGI and SSI\n* virtual hosts\n* URL rewriting\n* authentication (plain files, htpasswd, ldap)\n* transparent content compression\n* conditional configuration\n\nand configuration is straight-forward and easy.\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.6.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u3.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.4.33-1+nmu3.\n\nWe recommend that you upgrade your lighttpd packages.\";\ntag_summary = \"Several vulnerabilities were discovered in the lighttpd web server.\n\nCVE-2014-2323 \nJann Horn discovered that specially crafted host names can be used\nto inject arbitrary MySQL queries in lighttpd servers using the\nMySQL virtual hosting module (mod_mysql_vhost).\n\nThis only affects installations with the lighttpd-mod-mysql-vhost\nbinary package installed and in use.\n\nCVE-2014-2324 \nJann Horn discovered that specially crafted host names can be used\nto traverse outside of the document root under certain situations\nin lighttpd servers using either the mod_mysql_vhost, mod_evhost,\nor mod_simple_vhost virtual hosting modules.\n\nServers not using these modules are not affected.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702877);\n script_version(\"$Revision: 6750 $\");\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_name(\"Debian Security Advisory DSA 2877-1 (lighttpd - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-03-12 00:00:00 +0100 (Wed, 12 Mar 2014)\");\n script_tag(name: \"cvss_base\", value:\"7.5\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2877.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.28-2+squeeze1.6\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.31-4+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-07-21T21:59:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "This host is running Lighttpd and is prone to multiple vulnerabilities.", "modified": "2020-07-16T00:00:00", "published": "2014-05-13T00:00:00", "id": "OPENVAS:1361412562310802072", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802072", "type": "openvas", "title": "Lighttpd Multiple vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Lighttpd Multiple vulnerabilities\n#\n# Authors:\n# Veerendra G.G <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:lighttpd:lighttpd\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802072\");\n script_version(\"2020-07-16T08:52:35+0000\");\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_bugtraq_id(66153, 66157);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 08:52:35 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-05-13 12:18:43 +0530 (Tue, 13 May 2014)\");\n script_name(\"Lighttpd Multiple vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running Lighttpd and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a crafted HTTP GET request and check whether it responds with error\n message.\");\n\n script_tag(name:\"insight\", value:\"- mod_mysql_vhost module not properly sanitizing user supplied input passed\n via the hostname.\n\n - mod_evhost and mod_simple_vhost modules not properly sanitizing user supplied\n input via the hostname.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary SQL\n commands and remote attackers to read arbitrary files via hostname.\");\n\n script_tag(name:\"affected\", value:\"Lighttpd version before 1.4.35.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to 1.4.35 or later.\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/oss-sec/2014/q1/561\");\n script_xref(name:\"URL\", value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\");\n\n script_category(ACT_ATTACK);\n script_family(\"Web Servers\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"sw_lighttpd_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"lighttpd/installed\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! get_app_location( port:port, cpe:CPE ) )\n exit( 0 );\n\nres = http_get_cache( item:\"/\", port:port );\n\n## Exit if normal request is bad request to avoid FP\nif( !res || res =~ \"^HTTP/1\\.[01] 400\" )\n exit( 0 );\n\nfiles = traversal_files( \"linux\" );\n\nforeach file( keys( files ) ) {\n\n req = 'GET /' + files[file] + ' HTTP/1.1' + '\\r\\n' +\n 'Host: [::1]/../../../../../../../' + '\\r\\n\\r\\n';\n res = http_keepalive_send_recv( port:port, data:req, bodyonly:FALSE );\n\n # nb: Patched response\n if( ! res || res =~ \"^HTTP/1\\.[01] 400\" )\n continue;\n\n # nb: Vulnerable lighttpd response\n if( res =~ \"(root:.*:0:[01]:|^HTTP/1\\.[01] 404)\" ) {\n security_message( port:port );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make it the perfect webserver-software for every server that is suffering load problems. ", "modified": "2014-03-25T08:14:59", "published": "2014-03-25T08:14:59", "id": "FEDORA:D4486218BD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: lighttpd-1.4.35-1.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make it the perfect webserver-software for every server that is suffering load problems. ", "modified": "2014-03-25T08:15:56", "published": "2014-03-25T08:15:56", "id": "FEDORA:283D621A17", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: lighttpd-1.4.35-1.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:43:05", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "The HTTP server lighttpd was updated to fix the following\n security issues:\n\n * CVE-2014-2323: SQL injection vulnerability in\n mod_mysql_vhost.c in lighttpd allowed remote attackers to\n execute arbitrary SQL commands via the host name.\n * CVE-2014-2323: Multiple directory traversal\n vulnerabilities in mod_evhost and mod_simple_vhost in\n lighttpd allowed remote attackers to read arbitrary files\n via .. (dot dot) in the host name.\n\n More information can be found on the lighttpd advisory\n page:\n <a rel=\"nofollow\" href=\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2\">http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2</a>\n 014_01.txt\n <<a rel=\"nofollow\" href=\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_\">http://download.lighttpd.net/lighttpd/security/lighttpd_sa_</a>\n 2014_01.txt>\n\n Security Issues references:\n\n * CVE-2014-2323\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323</a>\n >\n * CVE-2014-2324\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324</a>\n >\n\n", "edition": 1, "modified": "2014-04-03T19:04:18", "published": "2014-04-03T19:04:18", "id": "SUSE-SU-2014:0474-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html", "type": "suse", "title": "Security update for lighttpd (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:39:55", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "lighttpd was updated to version 1.4.35, fixing bugs and\n security issues:\n\n CVE-2014-2323: SQL injection vulnerability in\n mod_mysql_vhost.c in lighttpd allowed remote attackers to\n execute arbitrary SQL commands via the host name, related\n to request_check_hostname.\n\n CVE-2014-2323: Multiple directory traversal vulnerabilities\n in (1) mod_evhost and (2) mod_simple_vhost in lighttpd\n allowed remote attackers to read arbitrary files via a ..\n (dot dot) in the host name, related to\n request_check_hostname.\n\n More information can be found on the lighttpd advisory\n page:\n <a rel=\"nofollow\" href=\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2\">http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2</a>\n 014_01.txt\n\n Other changes:\n * [network/ssl] fix build error if TLSEXT is disabled\n * [mod_fastcgi] fix use after free (only triggered if\n fastcgi debug is active)\n * [mod_rrdtool] fix invalid read (string not null\n terminated)\n * [mod_dirlisting] fix memory leak if pcre fails\n * [mod_fastcgi,mod_scgi] fix resource leaks on spawning\n backends\n * [mod_magnet] fix memory leak\n * add comments for switch fall throughs\n * remove logical dead code\n * [buffer] fix length check in buffer_is_equal_right_len\n * fix resource leaks in error cases on config parsing and\n other initializations\n * add force_assert() to enforce assertions as simple\n assert()s are disabled by -DNDEBUG (fixes #2546)\n * [mod_cml_lua] fix null pointer dereference\n * force assertion: setting FD_CLOEXEC must work (if\n available)\n * [network] check return value of lseek()\n * fix unchecked return values from\n stream_open/stat_cache_get_entry\n * [mod_webdav] fix logic error in handling file creation\n error\n * check length of unix domain socket filenames\n * fix SQL injection / host name validation (thx Jann Horn)\n for all the changes see\n /usr/share/doc/packages/lighttpd/NEWS\n\n", "edition": 1, "modified": "2014-03-26T17:04:44", "published": "2014-03-26T17:04:44", "id": "OPENSUSE-SU-2014:0449-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html", "title": "lighttpd to 1.4.35 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:16:38", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2877-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMarch 12, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lighttpd\nCVE ID : CVE-2014-2323 CVE-2014-2324\nDebian Bug : 741493\n\nSeveral vulnerabilities were discovered in the lighttpd web server.\n\nCVE-2014-2323\n\n Jann Horn discovered that specially crafted host names can be used\n to inject arbitrary MySQL queries in lighttpd servers using the\n MySQL virtual hosting module (mod_mysql_vhost).\n\n This only affects installations with the lighttpd-mod-mysql-vhost\n binary package installed and in use.\n\nCVE-2014-2324\n\n Jann Horn discovered that specially crafted host names can be used\n to traverse outside of the document root under certain situations\n in lighttpd servers using either the mod_mysql_vhost, mod_evhost,\n or mod_simple_vhost virtual hosting modules.\n\n Servers not using these modules are not affected.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.6.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u3.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.4.33-1+nmu3.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2014-03-13T04:28:52", "published": "2014-03-13T04:28:52", "id": "DEBIAN:DSA-2877-1:CD2D1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00048.html", "title": "[SECURITY] [DSA 2877-1] lighttpd security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:30", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "**Issue Overview:**\n\nMultiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.\n\nSQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.\n\n \n**Affected Packages:** \n\n\nlighttpd\n\n \n**Issue Correction:** \nRun _yum update lighttpd_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n lighttpd-mod_geoip-1.4.35-1.9.amzn1.i686 \n lighttpd-fastcgi-1.4.35-1.9.amzn1.i686 \n lighttpd-1.4.35-1.9.amzn1.i686 \n lighttpd-debuginfo-1.4.35-1.9.amzn1.i686 \n lighttpd-mod_mysql_vhost-1.4.35-1.9.amzn1.i686 \n \n src: \n lighttpd-1.4.35-1.9.amzn1.src \n \n x86_64: \n lighttpd-mod_mysql_vhost-1.4.35-1.9.amzn1.x86_64 \n lighttpd-debuginfo-1.4.35-1.9.amzn1.x86_64 \n lighttpd-fastcgi-1.4.35-1.9.amzn1.x86_64 \n lighttpd-mod_geoip-1.4.35-1.9.amzn1.x86_64 \n lighttpd-1.4.35-1.9.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-06-03T14:50:00", "published": "2014-06-03T14:50:00", "id": "ALAS-2014-346", "href": "https://alas.aws.amazon.com/ALAS-2014-346.html", "title": "Medium: lighttpd", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "SQL injection, directory traversal.", "edition": 1, "modified": "2014-03-24T00:00:00", "published": "2014-03-24T00:00:00", "id": "SECURITYVULNS:VULN:13626", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13626", "title": "lighttpd security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2877-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nMarch 12, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : lighttpd\r\nCVE ID : CVE-2014-2323 CVE-2014-2324\r\nDebian Bug : 741493\r\n\r\nSeveral vulnerabilities were discovered in the lighttpd web server.\r\n\r\nCVE-2014-2323\r\n\r\n Jann Horn discovered that specially crafted host names can be used\r\n to inject arbitrary MySQL queries in lighttpd servers using the\r\n MySQL virtual hosting module (mod_mysql_vhost).\r\n\r\n This only affects installations with the lighttpd-mod-mysql-vhost\r\n binary package installed and in use.\r\n\r\nCVE-2014-2324\r\n\r\n Jann Horn discovered that specially crafted host names can be used\r\n to traverse outside of the document root under certain situations\r\n in lighttpd servers using either the mod_mysql_vhost, mod_evhost,\r\n or mod_simple_vhost virtual hosting modules.\r\n\r\n Servers not using these modules are not affected.\r\n\r\nFor the oldstable distribution (squeeze), these problems have been fixed in\r\nversion 1.4.28-2+squeeze1.6.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 1.4.31-4+deb7u3.\r\n\r\nFor the testing distribution (jessie), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 1.4.33-1+nmu3.\r\n\r\nWe recommend that you upgrade your lighttpd packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQQcBAEBCgAGBQJTISlcAAoJELjWss0C1vRzdLsf/1umcpRFMVfpb8kJhN9f+KiN\r\nqDASrwyL92FjUknXMP3PjeromIVODaPsCRK9C6zzeCCbNhk97Q2B2fFGVgEVaMmr\r\nv52T6PMyQy0bmWHy1O/aC30JBK5CAs0f/IWscqdKvNsOOTx+lVyWRsdRQfK059i1\r\notvQBsh25ro7jTGXcK1JA1ZTlpr41tmJoTyZR7npY5pEpVq9R9Sjyf/rnKv9RZHW\r\nMJaH3mD8J3gSlQyI+Ff8mAaCI2eMfBUocbAgRZRUwD1jGAM8OSr+PhmTTuMZTUq+\r\nvsa68sLUwUiS10/nJVZDqH5TTcEgs9f1MnOpuBGtpdtw1pMAF51j73crEiJwXpUl\r\njIFvPvBopU1I6EQ2NEz8rj+WCbFeY6kE2FdZmJzUCG5qzBb07Uj0mAgIu8jr1XCJ\r\niEo6ngK3PWrG+8gWl2z7yUT8IrTYValb6Al1rr2NeW3QlfBgSSRtKtpYJ+QU4Jb4\r\n+/7wMUTTwN4G3OzeugB1541CH6KaVSR+1R7BaI+sLvPwf4CSQB3SY04nwRdoYJGg\r\nLa92sLzDI6tc0ETtgApa7akWYvpTcb940SYnUrjz56TOUUdfnDh1ELseFgVAHScz\r\nGqiiPcXm17C7O1SVjUq4VO6NAGgwoBBGdwozK1+FoiSka353rnPB4Sf6pGK9Z/ng\r\nM41qbfBEvSRyUi+6Y4tipRujgRceZwPzXa/ASEGNv98apXaLcMPFhcq5EY7VEY3u\r\nxsAqswdbGUea817rm0XO4A20rwCxCatU61ftDHmsrhwqf2HRzfCgYvFx9JF0S36P\r\nJllrmZqt2wwoZDDQZFKimFGd+UAvRzIjW+Gj3Z1a3LGzn/eRj756TsCZh3D/hGdx\r\niBYYZoYY1DYJ1myL0m4MJxugVkMIAEerVcWVzAjDd6lKhFHLHpa6WPQENEYBw9ek\r\nClB7bPLRwXiy2UGk4akMznl/vsMhzj++p/zN07sLnZWMLEvxSggGmiFhE9+IHvCp\r\nWFJsvc0+miqyJboy7GX3rjNGAoc7yvwsdPm4wwpGJSqC8N/ZDkUCYe5nHmcHt79f\r\nzo/5lUOa87RW/RlrToCig4adXbwk6AKWaoBu7k+C2+VZeIGqHS2oeZrAYhVHDt/A\r\nomFUi2wCN8kQPqDuX8e0EXH+AfinBs+vqB9pavFgMYverqrIoXeL3PPC9XqhAvAf\r\n6yIj9HqFNmLCfBtw3JRLFnnzeErPJvR5/FNYh1yeW/OR8b2B5mnyYeU038aB/j3A\r\n/zsrRABWKdfvb2tTA5cl6DhxBaPKjUJ29ha6325QOLinhbbInKqRrMMjUDqdS2Cy\r\nQD5D2wHpd7ZMbhsa9FDklWnoKcbn5dWp0dUnfkhG8biZsU8bBEdY8gwJS0gD468=\r\n=z7Zk\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-03-24T00:00:00", "published": "2014-03-24T00:00:00", "id": "SECURITYVULNS:DOC:30381", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30381", "title": "[SECURITY] [DSA 2877-1] lighttpd security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-12T10:12:36", "description": "1.4.35, fixes SA-2014-01, CVE-2014-2323, CVE-2014-2324 \n\n[1] http://seclists.org/oss-sec/2014/q1/561 [2]\nhttp://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\n[3] http://www.lighttpd.net/2014/3/12/1.4.35/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2014-03-26T00:00:00", "title": "Fedora 20 : lighttpd-1.4.35-1.fc20 (2014-3887)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "modified": "2014-03-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-3887.NASL", "href": "https://www.tenable.com/plugins/nessus/73193", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3887.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73193);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_bugtraq_id(66153, 66157);\n script_xref(name:\"FEDORA\", value:\"2014-3887\");\n\n script_name(english:\"Fedora 20 : lighttpd-1.4.35-1.fc20 (2014-3887)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"1.4.35, fixes SA-2014-01, CVE-2014-2323, CVE-2014-2324 \n\n[1] http://seclists.org/oss-sec/2014/q1/561 [2]\nhttp://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\n[3] http://www.lighttpd.net/2014/3/12/1.4.35/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\"\n );\n # http://seclists.org/oss-sec/2014/q1/561\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2014/q1/561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.lighttpd.net/2014/3/12/1.4.35/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1075710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1075711\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130542.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2667c15d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"lighttpd-1.4.35-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-01T03:35:04", "description": "According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.35. It is, therefore, affected by the following\nvulnerabilities :\n\n - A SQL injection flaw exists in the 'mod_mysql_vhost'\n module where user input passed using the hostname is not\n properly sanitized. A remote attacker can exploit this\n to inject or manipulate SQL queries, resulting in the\n manipulation or disclosure of data. (CVE-2014-2323)\n\n - A traverse outside of restricted path flaw exists with\n the 'mod_evhost' and 'mod_simple_vhost' modules where\n user input passed using the hostname is not properly\n sanitized. A remote attacker can exploit this to gain\n access to potentially sensitive data. (CVE-2014-2324)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 30, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2014-03-20T00:00:00", "title": "lighttpd < 1.4.35 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:lighttpd:lighttpd"], "id": "LIGHTTPD_1_4_35.NASL", "href": "https://www.tenable.com/plugins/nessus/73123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73123);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_bugtraq_id(66153, 66157);\n\n script_name(english:\"lighttpd < 1.4.35 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.35. It is, therefore, affected by the following\nvulnerabilities :\n\n - A SQL injection flaw exists in the 'mod_mysql_vhost'\n module where user input passed using the hostname is not\n properly sanitized. A remote attacker can exploit this\n to inject or manipulate SQL queries, resulting in the\n manipulation or disclosure of data. (CVE-2014-2323)\n\n - A traverse outside of restricted path flaw exists with\n the 'mod_evhost' and 'mod_simple_vhost' modules where\n user input passed using the hostname is not properly\n sanitized. A remote attacker can exploit this to gain\n access to potentially sensitive data. (CVE-2014-2324)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.lighttpd.net/2014/3/12/1.4.35/\");\n # https://web.archive.org/web/20140829152551/http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2959\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?08be46ff\");\n script_set_attribute(attribute:\"see_also\", value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\");\n # http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.34_fix_mysql_injection.patch\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c57451b6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.35. Alternatively, apply the\nvendor-supplied patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lighttpd_detect.nasl\");\n script_require_keys(\"installed_sw/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.35\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{sqli:TRUE});\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:27:29", "description": "lighttpd was updated to version 1.4.35, fixing bugs and security\nissues :\n\nCVE-2014-2323: SQL injection vulnerability in mod_mysql_vhost.c in\nlighttpd allowed remote attackers to execute arbitrary SQL commands\nvia the host name, related to request_check_hostname.\n\nCVE-2014-2323: Multiple directory traversal vulnerabilities in (1)\nmod_evhost and (2) mod_simple_vhost in lighttpd allowed remote\nattackers to read arbitrary files via a .. (dot dot) in the host name,\nrelated to request_check_hostname.\n\nMore information can be found on the lighttpd advisory page:\nhttp://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt \n\nOther changes :\n\n - [network/ssl] fix build error if TLSEXT is disabled\n\n - [mod_fastcgi] fix use after free (only triggered if\n fastcgi debug is active)\n\n - [mod_rrdtool] fix invalid read (string not null\n terminated)\n\n - [mod_dirlisting] fix memory leak if pcre fails\n\n - [mod_fastcgi,mod_scgi] fix resource leaks on spawning\n backends\n\n - [mod_magnet] fix memory leak\n\n - add comments for switch fall throughs\n\n - remove logical dead code\n\n - [buffer] fix length check in buffer_is_equal_right_len\n\n - fix resource leaks in error cases on config parsing and\n other initializations\n\n - add force_assert() to enforce assertions as simple\n assert()s are disabled by -DNDEBUG (fixes #2546)\n\n - [mod_cml_lua] fix NULL pointer dereference\n\n - force assertion: setting FD_CLOEXEC must work (if\n available)\n\n - [network] check return value of lseek()\n\n - fix unchecked return values from\n stream_open/stat_cache_get_entry\n\n - [mod_webdav] fix logic error in handling file creation\n error\n\n - check length of unix domain socket filenames\n\n - fix SQL injection / host name validation (thx Jann Horn)\n for all the changes see\n /usr/share/doc/packages/lighttpd/NEWS", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : lighttpd (openSUSE-SU-2014:0449-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl-debuginfo", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "p-cpe:/a:novell:opensuse:lighttpd-mod_geoip-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_geoip", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-debugsource", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-debuginfo", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl"], "id": "OPENSUSE-2014-257.NASL", "href": "https://www.tenable.com/plugins/nessus/75308", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-257.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75308);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_bugtraq_id(66153, 66157);\n\n script_name(english:\"openSUSE Security Update : lighttpd (openSUSE-SU-2014:0449-1)\");\n script_summary(english:\"Check for the openSUSE-2014-257 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"lighttpd was updated to version 1.4.35, fixing bugs and security\nissues :\n\nCVE-2014-2323: SQL injection vulnerability in mod_mysql_vhost.c in\nlighttpd allowed remote attackers to execute arbitrary SQL commands\nvia the host name, related to request_check_hostname.\n\nCVE-2014-2323: Multiple directory traversal vulnerabilities in (1)\nmod_evhost and (2) mod_simple_vhost in lighttpd allowed remote\nattackers to read arbitrary files via a .. (dot dot) in the host name,\nrelated to request_check_hostname.\n\nMore information can be found on the lighttpd advisory page:\nhttp://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt \n\nOther changes :\n\n - [network/ssl] fix build error if TLSEXT is disabled\n\n - [mod_fastcgi] fix use after free (only triggered if\n fastcgi debug is active)\n\n - [mod_rrdtool] fix invalid read (string not null\n terminated)\n\n - [mod_dirlisting] fix memory leak if pcre fails\n\n - [mod_fastcgi,mod_scgi] fix resource leaks on spawning\n backends\n\n - [mod_magnet] fix memory leak\n\n - add comments for switch fall throughs\n\n - remove logical dead code\n\n - [buffer] fix length check in buffer_is_equal_right_len\n\n - fix resource leaks in error cases on config parsing and\n other initializations\n\n - add force_assert() to enforce assertions as simple\n assert()s are disabled by -DNDEBUG (fixes #2546)\n\n - [mod_cml_lua] fix NULL pointer dereference\n\n - force assertion: setting FD_CLOEXEC must work (if\n available)\n\n - [network] check return value of lseek()\n\n - fix unchecked return values from\n stream_open/stat_cache_get_entry\n\n - [mod_webdav] fix logic error in handling file creation\n error\n\n - check length of unix domain socket filenames\n\n - fix SQL injection / host name validation (thx Jann Horn)\n for all the changes see\n /usr/share/doc/packages/lighttpd/NEWS\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=867350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00094.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_geoip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-debuginfo-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-debugsource-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_cml-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_cml-debuginfo-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_geoip-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_geoip-debuginfo-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_magnet-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_magnet-debuginfo-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_mysql_vhost-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_mysql_vhost-debuginfo-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_rrdtool-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_rrdtool-debuginfo-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_trigger_b4_dl-debuginfo-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_webdav-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_webdav-debuginfo-1.4.35-6.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-debuginfo-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-debugsource-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_cml-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_cml-debuginfo-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_geoip-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_geoip-debuginfo-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_magnet-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_magnet-debuginfo-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_mysql_vhost-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_mysql_vhost-debuginfo-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_rrdtool-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_rrdtool-debuginfo-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_trigger_b4_dl-debuginfo-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_webdav-1.4.35-2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_webdav-debuginfo-1.4.35-2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:01:04", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - SQL injection vulnerability in mod_mysql_vhost.c in\n lighttpd before 1.4.35 allows remote attackers to\n execute arbitrary SQL commands via the host name,\n related to request_check_hostname. (CVE-2014-2323)\n\n - Multiple directory traversal vulnerabilities in (1)\n mod_evhost and (2) mod_simple_vhost in lighttpd before\n 1.4.35 allow remote attackers to read arbitrary files\n via a .. (dot dot) in the host name, related to\n request_check_hostname. (CVE-2014-2324)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : lighttpd (multiple_vulnerabilities_in_lighttpd)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "modified": "2015-01-19T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:lighttpd"], "id": "SOLARIS11_LIGHTTPD_20140715.NASL", "href": "https://www.tenable.com/plugins/nessus/80698", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80698);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : lighttpd (multiple_vulnerabilities_in_lighttpd)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - SQL injection vulnerability in mod_mysql_vhost.c in\n lighttpd before 1.4.35 allows remote attackers to\n execute arbitrary SQL commands via the host name,\n related to request_check_hostname. (CVE-2014-2323)\n\n - Multiple directory traversal vulnerabilities in (1)\n mod_evhost and (2) mod_simple_vhost in lighttpd before\n 1.4.35 allow remote attackers to read arbitrary files\n via a .. (dot dot) in the host name, related to\n request_check_hostname. (CVE-2014-2324)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-lighttpd\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae7b8ea0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.21.4.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:lighttpd\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^lighttpd$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.21.0.4.1\", sru:\"SRU 11.1.21.4.1\") > 0) flag++;\n\nif (flag)\n{\n set_kb_item(name:'www/0/SQLi', value:TRUE);\n error_extra = 'Affected package : lighttpd\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"lighttpd\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-01T01:23:15", "description": "Multiple directory traversal vulnerabilities in (1) mod_evhost and (2)\nmod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to\nread arbitrary files via a .. (dot dot) in the host name, related to\nrequest_check_hostname.\n\nSQL injection vulnerability in mod_mysql_vhost.c in lighttpd before\n1.4.35 allows remote attackers to execute arbitrary SQL commands via\nthe host name, related to request_check_hostname.", "edition": 26, "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : lighttpd (ALAS-2014-346)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:lighttpd-mod_geoip", "p-cpe:/a:amazon:linux:lighttpd-mod_mysql_vhost", "p-cpe:/a:amazon:linux:lighttpd-debuginfo", "p-cpe:/a:amazon:linux:lighttpd-fastcgi", "p-cpe:/a:amazon:linux:lighttpd", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-346.NASL", "href": "https://www.tenable.com/plugins/nessus/78289", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-346.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78289);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_xref(name:\"ALAS\", value:\"2014-346\");\n\n script_name(english:\"Amazon Linux AMI : lighttpd (ALAS-2014-346)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple directory traversal vulnerabilities in (1) mod_evhost and (2)\nmod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to\nread arbitrary files via a .. (dot dot) in the host name, related to\nrequest_check_hostname.\n\nSQL injection vulnerability in mod_mysql_vhost.c in lighttpd before\n1.4.35 allows remote attackers to execute arbitrary SQL commands via\nthe host name, related to request_check_hostname.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-346.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update lighttpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-1.4.35-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-debuginfo-1.4.35-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-fastcgi-1.4.35-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-mod_geoip-1.4.35-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-mod_mysql_vhost-1.4.35-1.9.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-debuginfo / lighttpd-fastcgi / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:22", "description": "Several vulnerabilities were discovered in the lighttpd web server.\n\n - CVE-2014-2323\n Jann Horn discovered that specially crafted host names\n can be used to inject arbitrary MySQL queries in\n lighttpd servers using the MySQL virtual hosting module\n (mod_mysql_vhost).\n\n This only affects installations with the lighttpd-mod-mysql-vhost\n binary package installed and in use.\n\n - CVE-2014-2324\n Jann Horn discovered that specially crafted host names\n can be used to traverse outside of the document root\n under certain situations in lighttpd servers using\n either the mod_mysql_vhost, mod_evhost, or\n mod_simple_vhost virtual hosting modules.\n\n Servers not using these modules are not affected.", "edition": 16, "published": "2014-03-14T00:00:00", "title": "Debian DSA-2877-1 : lighttpd - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "modified": "2014-03-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:lighttpd", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2877.NASL", "href": "https://www.tenable.com/plugins/nessus/72992", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2877. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72992);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_bugtraq_id(66153, 66157);\n script_xref(name:\"DSA\", value:\"2877\");\n\n script_name(english:\"Debian DSA-2877-1 : lighttpd - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the lighttpd web server.\n\n - CVE-2014-2323\n Jann Horn discovered that specially crafted host names\n can be used to inject arbitrary MySQL queries in\n lighttpd servers using the MySQL virtual hosting module\n (mod_mysql_vhost).\n\n This only affects installations with the lighttpd-mod-mysql-vhost\n binary package installed and in use.\n\n - CVE-2014-2324\n Jann Horn discovered that specially crafted host names\n can be used to traverse outside of the document root\n under certain situations in lighttpd servers using\n either the mod_mysql_vhost, mod_evhost, or\n mod_simple_vhost virtual hosting modules.\n\n Servers not using these modules are not affected.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/lighttpd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/lighttpd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2877\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd packages.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 1.4.28-2+squeeze1.6.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.4.31-4+deb7u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd\", reference:\"1.4.28-2+squeeze1.6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-doc\", reference:\"1.4.28-2+squeeze1.6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.28-2+squeeze1.6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.28-2+squeeze1.6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.28-2+squeeze1.6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.28-2+squeeze1.6\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.28-2+squeeze1.6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd\", reference:\"1.4.31-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-doc\", reference:\"1.4.31-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.31-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.31-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.31-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.31-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.31-4+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:12:36", "description": "1.4.35, fixes SA-2014-01, CVE-2014-2323, CVE-2014-2324 \n\n[1] http://seclists.org/oss-sec/2014/q1/561 [2]\nhttp://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\n[3] http://www.lighttpd.net/2014/3/12/1.4.35/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2014-03-26T00:00:00", "title": "Fedora 19 : lighttpd-1.4.35-1.fc19 (2014-3947)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2323", "CVE-2014-2324"], "modified": "2014-03-26T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:lighttpd"], "id": "FEDORA_2014-3947.NASL", "href": "https://www.tenable.com/plugins/nessus/73194", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3947.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73194);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-2323\", \"CVE-2014-2324\");\n script_bugtraq_id(66153, 66157);\n script_xref(name:\"FEDORA\", value:\"2014-3947\");\n\n script_name(english:\"Fedora 19 : lighttpd-1.4.35-1.fc19 (2014-3947)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"1.4.35, fixes SA-2014-01, CVE-2014-2323, CVE-2014-2324 \n\n[1] http://seclists.org/oss-sec/2014/q1/561 [2]\nhttp://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\n[3] http://www.lighttpd.net/2014/3/12/1.4.35/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt\"\n );\n # http://seclists.org/oss-sec/2014/q1/561\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2014/q1/561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.lighttpd.net/2014/3/12/1.4.35/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1075710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1075711\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130538.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d55626a4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"lighttpd-1.4.35-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:55:49", "description": "The remote host is affected by the vulnerability described in GLSA-201406-10\n(lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL\n statements.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2014-06-16T00:00:00", "title": "GLSA-201406-10 : lighttpd: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4508", "CVE-2014-2323", "CVE-2012-5533", "CVE-2013-4560", "CVE-2013-4559", "CVE-2011-4362"], "modified": "2014-06-16T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:lighttpd"], "id": "GENTOO_GLSA-201406-10.NASL", "href": "https://www.tenable.com/plugins/nessus/76062", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201406-10.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76062);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4362\", \"CVE-2012-5533\", \"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\", \"CVE-2014-2323\");\n script_bugtraq_id(50851, 56619, 63534, 63686, 63688, 66153);\n script_xref(name:\"GLSA\", value:\"201406-10\");\n\n script_name(english:\"GLSA-201406-10 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-10\n(lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL\n statements.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.35'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.35\"), vulnerable:make_list(\"lt 1.4.35\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T17:34:51", "description": "BUGTRAQ ID: 66153\r\nCVE(CAN) ID: CVE-2014-2323\r\n\r\nLighttpd\u662f\u4e00\u6b3e\u8f7b\u578b\u7684\u5f00\u653e\u6e90\u7801Web Server\u8f6f\u4ef6\u5305\u3002\r\n\r\n\u7531\u4e8e\u7a0b\u5e8f\u5728\u8fdb\u884cSQL\u67e5\u8be2\u524d\u672a\u80fd\u5145\u5206\u8fc7\u6ee4\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5371\u53ca\u5e94\u7528\u7a0b\u5e8f\uff0c\u8bbf\u95ee\u6216\u4fee\u6539\u6570\u636e\uff0c\u6216\u5229\u7528\u5e95\u5c42\u6570\u636e\u5e93\u4e2d\u6f5c\u5728\u7684\u6f0f\u6d1e\u3002\n0\nlighttpd <1.4.35\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.lighttpd.net", "published": "2014-03-28T00:00:00", "type": "seebug", "title": "lighttpd 'mod_mysql_vhost.c' SQL\u6ce8\u5165\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-2323"], "modified": "2014-03-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61980", "id": "SSV:61980", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:30:04", "description": "CVE ID\uff1aCVE-2014-2324\r\n\r\nLighttpd\u662f\u5fb7\u56fd\u8f6f\u4ef6\u5f00\u53d1\u8005Jan Kneschke\u6240\u7814\u53d1\u7684\u4e00\u6b3e\u5f00\u6e90\u7684Web\u670d\u52a1\u5668\uff0c\u5b83\u7684\u4e3b\u8981\u7279\u70b9\u662f\u4ec5\u9700\u5c11\u91cf\u7684\u5185\u5b58\u53caCPU\u8d44\u6e90\u5373\u53ef\u8fbe\u5230\u540c\u7c7b\u7f51\u9875\u670d\u52a1\u5668\u7684\u6027\u80fd\u3002 \r\n\r\nlighttpd mod_evhost\u548cmod_simple_vhost\u865a\u62df\u4e3b\u673a\u6a21\u5757\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u4e3b\u673a\u540d\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002\n0\nlighttpd\n\u76ee\u524d\u5382\u5546\u6682\u65e0\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\nhttp://www.lighttpd.net/2014/3/12/1.4.35/", "published": "2014-03-19T00:00:00", "title": "lighttpd\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-2324"], "modified": "2014-03-19T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61850", "id": "SSV:61850", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": ""}], "kitploit": [{"lastseen": "2021-01-18T01:38:11", "bulletinFamily": "tools", "cvelist": ["CVE-2014-0133", "CVE-2014-2323", "CVE-2011-1720", "CVE-2016-8864", "CVE-2016-2848", "CVE-2017-14106", "CVE-2017-14140", "CVE-2013-4547", "CVE-2014-2324", "CVE-2016-9131", "CVE-2015-3200", "CVE-2017-14156", "CVE-2012-0811", "CVE-2011-0411"], "description": " \n\n\n[  ](<https://1.bp.blogspot.com/-e3DIGymt-0Y/WbFs8bRpiRI/AAAAAAAAIxE/-2FNHk9ApEUmOlNr6p1yG7AIjuAt3Z4AgCLcBGAs/s1600/Vision2.png>)\n\n \nNmap's XML result parse and NVD's CPE correlation to search CVE. You can use that to find public [ vulnerabilities ](<https://www.kitploit.com/search/label/vulnerabilities>) in services... \n \n\n \n \n Nmap\\s XML result parser and NVD's CPE correlation to search CVE\n \n Example:\n python vision2.py -f result_scan.xml -l 3 -o txt\n \n Coded by Mthbernades and CoolerVoid\n \n - https://github.com/mthbernardes\n - https://github.com/CoolerVoid\n \n usage: vision2.py [-h] -f NMAPFILE [-l LIMIT] [-o OUTPUT]\n vision2.py: error: argument -f/--nmap-file is required\n\n \n** Example of results: ** \n\n \n \n $ python Vision-cpe.py -f result_scan.xml -l 3 -o txt\n \n ::::: Vision v0.1 - nmap NVD's cpe correlation - Coded by CoolerVoid\n Host: 127.0.0.1\n Port: 53\n cpe:/a:isc:bind:9.8.1:p1\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2016-9131\n Description: named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2016-8864\n Description: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2016-2848\n Description: ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record.\n ::::: Vision v0.1 - nmap NVD's cpe correlation - Coded by CoolerVoid\n \n Host: 127.0.0.1\n Port: 22\n cpe:/o:linux:linux_kernel\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2017-14156\n Description: The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2017-14140\n Description: The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2017-14106\n Description: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.\n \n \n ::::: Vision v0.1 - nmap NVD's cpe correlation - Coded by CoolerVoid\n \n Host: 127.0.0.1\n Port: 53\n cpe:/a:isc:bind:none\n \n \n ::::: Vision v0.1 - nmap NVD's cpe correlation - Coded by CoolerVoid\n \n Host: 127.0.0.1\n Port: 80\n cpe:/a:igor_sysoev:nginx:1.4.1\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2014-0133\n Description: Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2013-4547\n Description: nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.\n \n \n ::::: Vision v0.1 - nmap NVD's cpe correlation - Coded by CoolerVoid\n \n Host: 127.0.0.1\n Port: 465\n cpe:/a:postfix:postfix\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2012-0811\n Description: Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php.\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2011-1720\n Description: The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2011-0411\n Description: The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack.\n \n \n ::::: Vision v0.1 - nmap NVD's cpe correlation - Coded by CoolerVoid\n \n Host: 127.0.0.1\n Port: 8443\n cpe:/a:lighttpd:lighttpd\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2015-3200\n Description: mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2014-2324\n Description: Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.\n \n URL: https://nvd.nist.gov/vuln/detail/CVE-2014-2323\n Description: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.\n \n \n ...\n \n\n \n** Common questions: ** \n \n** How to write XML output on [ Nmap ](<https://www.kitploit.com/search/label/Nmap>) ? ** \n[ https://nmap.org/book/output-formats-xml-output.html ](<https://nmap.org/book/output-formats-xml-output.html>) \n \n** What is a CPE ? ** \n[ https://nmap.org/book/output-formats-cpe.html ](<https://nmap.org/book/output-formats-cpe.html>) \n[ https://nvd.nist.gov/products/cpe ](<https://nvd.nist.gov/products/cpe>) \n \n** What is a CVE ? ** \n[ https://cve.mitre.org/ ](<https://cve.mitre.org/>) \n \n \n\n\n** [ Download Vision2 ](<https://github.com/CoolerVoid/Vision2>) **\n", "edition": 32, "modified": "2017-09-10T16:38:09", "published": "2017-09-10T16:38:09", "id": "KITPLOIT:1420567869239222035", "href": "http://www.kitploit.com/2017/09/vision2-nmaps-xml-result-parse-and-nvds.html", "title": "Vision2 - Nmap's XML result parse and NVD's CPE correlation to search CVE", "type": "kitploit", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "jvn": [{"lastseen": "2021-03-02T16:01:41", "bulletinFamily": "info", "cvelist": ["CVE-2021-20659", "CVE-2013-4508", "CVE-2014-2323", "CVE-2013-4560", "CVE-2021-20662", "CVE-2021-20661", "CVE-2014-2324", "CVE-2021-20658", "CVE-2011-0762", "CVE-2013-4559", "CVE-2021-20660", "CVE-2021-20657", "CVE-2011-4362", "CVE-2021-20656"], "description": "\n ## Description\n\nSolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.\n\n * **Exposure of information through directory listing ([CWE-548](<https://cwe.mitre.org/data/definitions/548.html>))** \\- CVE-2021-20656 CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | **Base Score: 3.5** \n---|---|--- \nCVSS v2 | AV:A/AC:L/Au:S/C:P/I:N/A:N | **Base Score: 2.7** \n * **Improper access control ([CWE-284](<https://cwe.mitre.org/data/definitions/284.html>))** \\- CVE-2021-20657 CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | **Base Score: 4.6** \n---|---|--- \nCVSS v2 | AV:A/AC:L/Au:S/C:P/I:P/A:N | **Base Score: 4.1** \n * **OS command injection ([CWE-78](<https://cwe.mitre.org/data/definitions/78.html>))** \\- CVE-2021-20658 CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | **Base Score: 6.3** \n---|---|--- \nCVSS v2 | AV:A/AC:L/Au:N/C:P/I:P/A:P | **Base Score: 5.8** \n * **Unrestricted upload of file with dangerous type ([CWE-434](<https://cwe.mitre.org/data/definitions/434.html>))** \\- CVE-2021-20659 CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | **Base Score: 5.5** \n---|---|--- \nCVSS v2 | AV:A/AC:L/Au:S/C:P/I:P/A:P | **Base Score: 5.2** \n * **Cross-site scripting ([CWE-79](<https://cwe.mitre.org/data/definitions/79.html>))** \\- CVE-2021-20660 CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | **Base Score: 6.1** \n---|---|--- \nCVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | **Base Score: 4.3** \n * **Directory traversal ([CWE-23](<https://cwe.mitre.org/data/definitions/23.html>))** \\- CVE-2021-20661 CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H | **Base Score: 6.3** \n---|---|--- \nCVSS v2 | AV:A/AC:L/Au:S/C:N/I:P/A:P | **Base Score: 4.1** \n * **Missing authentication for critical function ([CWE-306](<https://cwe.mitre.org/data/definitions/306.html>))** \\- CVE-2021-20662 CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | **Base Score: 4.3** \n---|---|--- \nCVSS v2 | AV:A/AC:L/Au:N/C:N/I:P/A:N | **Base Score: 3.3** \n * **Using components with known vulnerabilities ([CWE-1035](<https://cwe.mitre.org/data/definitions/1035.html>))** \\- CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324 \nThe product uses previous versions of vsfpd and lighttpd with known vulnerabilities.\n\n ## Impact\n\n * An attacker who can log in to the product may obtain the information inside the system, e.g. directories and/or file configurations - CVE-2021-20656\n * An attacker who can log in to the product may obtain and/or alter the setting information without the access privileges. Also, an attacker with the administrative privilege may log in to the product and perform an unintended operation - CVE-2021-20657\n * An attacker may execute an arbitrary OS command with the web server privilege. Also, an attacker with the administrative privilege may log in to the product and perform an unintended operation - CVE-2021-20658\n * An attacker who can log in to the product may upload arbitrary files. If the file is PHP script, the attacker may execute arbitrary code - CVE-2021-20659\n * An arbitrary script may be executed on a logged-in user's web browser - CVE-2021-20660\n * An attacker who can log in to the product may delete arbitrary files and/or directories on the server - CVE-2021-20661\n * An attacker who can log in to the product may alter the setting information without the access privileges - CVE-2021-20662\n * An attack may be conducted by exploiting known vulnerabilities - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324\n\n ## Solution\n\n**Update the Firmware** \nUpdate the firmware to the latest version according to the information provided by the developer. \nThese vulnerabilities have been already addressed in the following firmware version. \n\n * SolarView Compact \n * SV-CPT-MC310 Ver.6.50 \n\n ## Products Affected\n\n * SolarView Compact \n * SV-CPT-MC310 prior to Ver.6.5\n", "edition": 3, "modified": "2021-02-25T00:00:00", "published": "2021-02-19T00:00:00", "id": "JVN:37417423", "href": "http://jvn.jp/en/jp/JVN37417423/index.html", "title": "JVN#37417423: Multiple vulnerabilities in SolarView Compact", "type": "jvn", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4508", "CVE-2014-2323", "CVE-2012-5533", "CVE-2013-4560", "CVE-2013-4559", "CVE-2011-4362"], "edition": 1, "description": "### Background\n\nlighttpd is a lightweight high-performance web server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could create a Denial of Service condition. Futhermore, a remote attacker may be able to execute arbitrary SQL statements. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll lighttpd users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/lighttpd-1.4.35\"", "modified": "2014-06-13T00:00:00", "published": "2014-06-13T00:00:00", "id": "GLSA-201406-10", "href": "https://security.gentoo.org/glsa/201406-10", "type": "gentoo", "title": "lighttpd: Multiple vulnerabilities", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
