Security update for lighttpd (moderate)

2022-09-29T00:00:00

Description

An update that fixes one vulnerability is now available. Description: This update for lighttpd fixes the following issues: lighttpd was updated to 1.4.66: * a number of bug fixes * Fix HTTP/2 downloads >= 4GiB * Fix SIGUSR1 graceful restart with TLS * futher bug fixes * CVE-2022-37797: null pointer dereference in mod_wstunnel, possibly a remotely triggerable crash (boo#1203358) * In an upcoming release the TLS modules will default to using stronger, modern chiphers and will default to allow client preference in selecting ciphers. ��CipherString�� => ��EECDH+AESGCM:AES256+EECDH:CHACHA20:SHA256:!SHA384��, ��Options�� => ��-ServerPreference�� old defaults: ��CipherString�� => ��HIGH��, ��Options�� => ��ServerPreference�� * A number of TLS options are how deprecated and will be removed in a future release: �� ssl.honor-cipher-order �� ssl.dh-file �� ssl.ec-curve �� ssl.disable-client-renegotiation �� ssl.use-sslv2 �� ssl.use-sslv3 The replacement option is ssl.openssl.ssl-conf-cmd, but lighttpd defaults should be prefered * A number of modules are now deprecated and will be removed in a future release: mod_evasive, mod_secdownload, mod_uploadprogress, mod_usertrack can be replaced by mod_magnet and a few lines of lua. update to 1.4.65: * WebSockets over HTTP/2 * RFC 8441 Bootstrapping WebSockets with HTTP/2 * HTTP/2 PRIORITY_UPDATE * RFC 9218 Extensible Prioritization Scheme for HTTP * prefix/suffix conditions in lighttpd.conf * mod_webdav safe partial-PUT * webdav.opts += (��partial-put-copy-modify�� => ��enable��) * mod_accesslog option: accesslog.escaping = ��json�� * mod_deflate libdeflate build option * speed up request body uploads via HTTP/2 * Behavior Changes * change default server.max-keep-alive-requests = 1000 to adjust * to increasing HTTP/2 usage and to web2/web3 application usage * (prior default was 100) * mod_status HTML now includes HTTP/2 control stream id 0 in the output * which contains aggregate counts for the HTTP/2 connection * (These lines can be identified with URL ��*��, part of ��PRI *�� preface) * alternative: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_status * MIME type application/javascript is translated to text/javascript (RFC 9239) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10132=1 - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-10132=1

Affected Package

OS	OS Version	Package Name	Package Version
openSUSE Backports SLE	15-SP4	- opensuse backports sle	15-SP4 (aarch64 i586 ppc64le s390x x86_64):
openSUSE Backports SLE	15-SP4	- opensuse backports sle	15-SP4 (aarch64 i586 ppc64le s390x x86_64):
openSUSE Backports SLE	15-SP4	- opensuse backports sle	15-SP4 (aarch64 i586 ppc64le s390x x86_64):
openSUSE Backports SLE	15-SP4	- opensuse backports sle	15-SP4 (aarch64 i586 ppc64le s390x x86_64):
openSUSE Backports SLE	15-SP4	- opensuse backports sle	15-SP4 (aarch64 i586 ppc64le s390x x86_64):
openSUSE Backports SLE	15-SP3	- opensuse backports sle	15-SP3 (aarch64 i586 ppc64le s390x x86_64):
openSUSE Backports SLE	15-SP3	- opensuse backports sle	15-SP3 (aarch64 i586 ppc64le s390x x86_64):
openSUSE Backports SLE	15-SP3	- opensuse backports sle	15-SP3 (aarch64 i586 ppc64le s390x x86_64):
openSUSE Backports SLE	15-SP3	- opensuse backports sle	15-SP3 (aarch64 i586 ppc64le s390x x86_64):
openSUSE Backports SLE	15-SP3	- opensuse backports sle	15-SP3 (aarch64 i586 ppc64le s390x x86_64):

{"id": "OPENSUSE-SU-2022:10132-1", "vendorId": null, "type": "suse", "bulletinFamily": "unix", "title": "Security update for lighttpd (moderate)", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for lighttpd fixes the following issues:\n\n lighttpd was updated to 1.4.66:\n\n * a number of bug fixes\n * Fix HTTP/2 downloads >= 4GiB\n * Fix SIGUSR1 graceful restart with TLS\n * futher bug fixes\n * CVE-2022-37797: null pointer dereference in mod_wstunnel, possibly a\n remotely triggerable crash (boo#1203358)\n * In an upcoming release the TLS modules will default to using stronger,\n modern chiphers and will default to allow client preference in selecting\n ciphers. \ufffd\ufffd\ufffdCipherString\ufffd\ufffd\ufffd =>\n \ufffd\ufffd\ufffdEECDH+AESGCM:AES256+EECDH:CHACHA20:SHA256:!SHA384\ufffd\ufffd\ufffd, \ufffd\ufffd\ufffdOptions\ufffd\ufffd\ufffd\n => \ufffd\ufffd\ufffd-ServerPreference\ufffd\ufffd\ufffd\n old defaults: \ufffd\ufffd\ufffdCipherString\ufffd\ufffd\ufffd => \ufffd\ufffd\ufffdHIGH\ufffd\ufffd\ufffd, \ufffd\ufffd\ufffdOptions\ufffd\ufffd\ufffd =>\n \ufffd\ufffd\ufffdServerPreference\ufffd\ufffd\ufffd\n * A number of TLS options are how deprecated and will be removed in a\n future release: \ufffd\ufffd\ufffd ssl.honor-cipher-order \ufffd\ufffd\ufffd ssl.dh-file \ufffd\ufffd\ufffd\n ssl.ec-curve \ufffd\ufffd\ufffd ssl.disable-client-renegotiation \ufffd\ufffd\ufffd ssl.use-sslv2 \ufffd\ufffd\ufffd\n ssl.use-sslv3 The replacement option is ssl.openssl.ssl-conf-cmd, but\n lighttpd defaults should be prefered\n * A number of modules are now deprecated and will be removed in a future\n release: mod_evasive, mod_secdownload, mod_uploadprogress, mod_usertrack\n can be replaced by mod_magnet and a few lines of lua.\n\n update to 1.4.65:\n\n * WebSockets over HTTP/2\n * RFC 8441 Bootstrapping WebSockets with HTTP/2\n * HTTP/2 PRIORITY_UPDATE\n * RFC 9218 Extensible Prioritization Scheme for HTTP\n * prefix/suffix conditions in lighttpd.conf\n * mod_webdav safe partial-PUT\n * webdav.opts += (\ufffd\ufffd\ufffdpartial-put-copy-modify\ufffd\ufffd\ufffd => \ufffd\ufffd\ufffdenable\ufffd\ufffd\ufffd)\n * mod_accesslog option: accesslog.escaping = \ufffd\ufffd\ufffdjson\ufffd\ufffd\ufffd\n * mod_deflate libdeflate build option\n * speed up request body uploads via HTTP/2\n * Behavior Changes\n * change default server.max-keep-alive-requests = 1000 to adjust\n * to increasing HTTP/2 usage and to web2/web3 application usage\n * (prior default was 100)\n * mod_status HTML now includes HTTP/2 control stream id 0 in the output\n * which contains aggregate counts for the HTTP/2 connection\n * (These lines can be identified with URL \ufffd\ufffd\ufffd*\ufffd\ufffd\ufffd, part of \ufffd\ufffd\ufffdPRI *\ufffd\ufffd\ufffd\n preface)\n * alternative: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_status\n * MIME type application/javascript is translated to text/javascript (RFC\n 9239)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10132=1\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10132=1", "published": "2022-09-29T00:00:00", "modified": "2022-09-29T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ATUOJQDWIRALBMVI5GOSOGPZP5AWVAZF/", "reporter": "Suse", "references": [], "cvelist": ["CVE-2022-37797"], "immutableFields": [], "lastseen": "2022-09-29T16:05:23", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2022-37797"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5243-1:A6710"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-37797"]}, {"type": "osv", "idList": ["OSV:DSA-5243-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-37797"]}]}, "score": {"value": -0.2, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-37797", "epss": "0.001600000", "percentile": "0.508640000", "modified": "2023-03-19"}], "vulnersScore": -0.2}, "_state": {"dependencies": 1664467649, "score": 1684015195, "epss": 1679305349}, "_internal": {"score_hash": "7af9683b23e3e1e8f93f8909a5eb8701"}, "affectedPackage": [{"OS": "openSUSE Backports SLE", "OSVersion": "15-SP4", "arch": "aarch64", "operator": "lt", "packageVersion": "15-SP4 (aarch64 i586 ppc64le s390x x86_64):", "packageFilename": "- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):.aarch64.rpm", "packageName": "- opensuse backports sle"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP4", "arch": "i586", "operator": "lt", "packageVersion": "15-SP4 (aarch64 i586 ppc64le s390x x86_64):", "packageFilename": "- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):.i586.rpm", "packageName": "- opensuse backports sle"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP4", "arch": "ppc64le", "operator": "lt", "packageVersion": "15-SP4 (aarch64 i586 ppc64le s390x x86_64):", "packageFilename": "- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):.ppc64le.rpm", "packageName": "- opensuse backports sle"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP4", "arch": "s390x", "operator": "lt", "packageVersion": "15-SP4 (aarch64 i586 ppc64le s390x x86_64):", "packageFilename": "- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):.s390x.rpm", "packageName": "- opensuse backports sle"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP4", "arch": "x86_64", "operator": "lt", "packageVersion": "15-SP4 (aarch64 i586 ppc64le s390x x86_64):", "packageFilename": "- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):.x86_64.rpm", "packageName": "- opensuse backports sle"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP3", "arch": "aarch64", "operator": "lt", "packageVersion": "15-SP3 (aarch64 i586 ppc64le s390x x86_64):", "packageFilename": "- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):.aarch64.rpm", "packageName": "- opensuse backports sle"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP3", "arch": "i586", "operator": "lt", "packageVersion": "15-SP3 (aarch64 i586 ppc64le s390x x86_64):", "packageFilename": "- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):.i586.rpm", "packageName": "- opensuse backports sle"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP3", "arch": "ppc64le", "operator": "lt", "packageVersion": "15-SP3 (aarch64 i586 ppc64le s390x x86_64):", "packageFilename": "- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):.ppc64le.rpm", "packageName": "- opensuse backports sle"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP3", "arch": "s390x", "operator": "lt", "packageVersion": "15-SP3 (aarch64 i586 ppc64le s390x x86_64):", "packageFilename": "- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):.s390x.rpm", "packageName": "- opensuse backports sle"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP3", "arch": "x86_64", "operator": "lt", "packageVersion": "15-SP3 (aarch64 i586 ppc64le s390x x86_64):", "packageFilename": "- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):.x86_64.rpm", "packageName": "- opensuse backports sle"}]}

{"cve": [{"lastseen": "2023-06-03T14:54:58", "description": "In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-12T15:15:00", "type": "cve", "title": "CVE-2022-37797", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797"], "modified": "2022-12-03T01:11:00", "cpe": ["cpe:/a:lighttpd:lighttpd:1.4.65", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2022-37797", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37797", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:lighttpd:lighttpd:1.4.65:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2023-05-02T19:40:19", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-3133-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Helmut Grohne\nOctober 03, 2022 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : lighttpd\nVersion : 1.4.53-4+deb10u3\nCVE ID : CVE-2022-37797\n\nAn invalid HTTP request (websocket handshake) may cause a NULL\npointer dereference in the wstunnel module.\n\nFor Debian 10 buster, this problem has been fixed in version\n1.4.53-4+deb10u3.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFor the detailed security status of lighttpd please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/lighttpd\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-03T07:47:47", "type": "debian", "title": "[SECURITY] [DLA 3133-1] lighttpd security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-37797"], "modified": "2022-10-03T07:47:47", "id": "DEBIAN:DLA-3133-1:056A2", "href": "https://lists.debian.org/debian-lts-announce/2022/10/msg00002.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-03T22:11:25", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5243-1 security@debian.org\nhttps://www.debian.org/security/ Helmut Grohne\nSeptember 28, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lighttpd\nCVE ID : CVE-2022-37797 CVE-2022-41556\n\nSeveral vulnerabilities were discovered in lighttpd, a fast webserver\nwith minimal memory footprint.\n\nCVE-2022-37797\n\n An invalid HTTP request (websocket handshake) may cause a NULL\n pointer dereference in the wstunnel module.\n\nCVE-2022-41556\n\n A resource leak in mod_fastcgi and mod_scgi could lead to a denial\n of service after a large number of bad HTTP requests.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.4.59-1+deb11u2.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFor the detailed security status of lighttpd please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/lighttpd\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-28T16:05:19", "type": "debian", "title": "[SECURITY] [DSA 5243-1] lighttpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-09-28T16:05:19", "id": "DEBIAN:DSA-5243-1:A6710", "href": "https://lists.debian.org/debian-security-announce/2022/msg00212.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-17T16:45:33", "description": "The version of lighttpd installed on the remote host is prior to 1.4.53-1.37. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1705 advisory.\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-22T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : lighttpd (ALAS-2023-1705)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-37797"], "modified": "2023-04-20T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:lighttpd", "p-cpe:/a:amazon:linux:lighttpd-debuginfo", "p-cpe:/a:amazon:linux:lighttpd-fastcgi", "p-cpe:/a:amazon:linux:lighttpd-mod_authn_gssapi", "p-cpe:/a:amazon:linux:lighttpd-mod_authn_mysql", "p-cpe:/a:amazon:linux:lighttpd-mod_authn_pam", "p-cpe:/a:amazon:linux:lighttpd-mod_geoip", "p-cpe:/a:amazon:linux:lighttpd-mod_mysql_vhost", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2023-1705.NASL", "href": "https://www.tenable.com/plugins/nessus/173282", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2023-1705.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173282);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\"CVE-2022-37797\");\n\n script_name(english:\"Amazon Linux AMI : lighttpd (ALAS-2023-1705)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of lighttpd installed on the remote host is prior to 1.4.53-1.37. It is, therefore, affected by a\nvulnerability as referenced in the ALAS-2023-1705 advisory.\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2023-1705.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-37797.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update lighttpd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-37797\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_authn_gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_authn_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_authn_pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'lighttpd-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-debuginfo-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-debuginfo-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-fastcgi-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-fastcgi-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_gssapi-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_gssapi-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_mysql-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_mysql-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_pam-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_pam-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_geoip-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_geoip-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_mysql_vhost-1.4.53-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_mysql_vhost-1.4.53-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-debuginfo / lighttpd-fastcgi / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:57", "description": "The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3133 advisory.\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-05T00:00:00", "type": "nessus", "title": "Debian DLA-3133-1 : lighttpd - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-37797"], "modified": "2022-12-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:lighttpd", "p-cpe:/a:debian:debian_linux:lighttpd-doc", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-ldap", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-mysql", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-cml", "p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip", "p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql", "p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet", "p-cpe:/a:debian:debian_linux:lighttpd-mod-mysql-vhost", "cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql", "p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav", "p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap"], "id": "DEBIAN_DLA-3133.NASL", "href": "https://www.tenable.com/plugins/nessus/165654", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3133. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165654);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/02\");\n\n script_cve_id(\"CVE-2022-37797\");\n\n script_name(english:\"Debian DLA-3133-1 : lighttpd - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3133\nadvisory.\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/lighttpd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-3133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-37797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/lighttpd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the lighttpd packages.\n\nFor Debian 10 buster, this problem has been fixed in version 1.4.53-4+deb10u3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-37797\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-mysql-vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'lighttpd', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-doc', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-gssapi', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-ldap', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-mysql', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-pam', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-authn-sasl', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-cml', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-geoip', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-magnet', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-mysql-vhost', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-trigger-b4-dl', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-vhostdb-dbi', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-vhostdb-pgsql', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-mod-webdav', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-modules-ldap', 'reference': '1.4.53-4+deb10u3'},\n {'release': '10.0', 'prefix': 'lighttpd-modules-mysql', 'reference': '1.4.53-4+deb10u3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd / lighttpd-doc / lighttpd-mod-authn-gssapi / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:56", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10132-1 advisory.\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-30T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : lighttpd (openSUSE-SU-2022:10132-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-37797"], "modified": "2022-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-mod_authn_gssapi", "p-cpe:/a:novell:opensuse:lighttpd-mod_authn_ldap", "p-cpe:/a:novell:opensuse:lighttpd-mod_authn_pam", "p-cpe:/a:novell:opensuse:lighttpd-mod_authn_sasl", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "p-cpe:/a:novell:opensuse:lighttpd-mod_maxminddb", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_dbi", "p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_ldap", "p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_mysql", "p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_pgsql", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10132-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165586", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10132-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165586);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/02\");\n\n script_cve_id(\"CVE-2022-37797\");\n\n script_name(english:\"openSUSE 15 Security Update : lighttpd (openSUSE-SU-2022:10132-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2022:10132-1 advisory.\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203358\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ATUOJQDWIRALBMVI5GOSOGPZP5AWVAZF/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5a69d85a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-37797\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-37797\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_authn_gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_authn_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_authn_pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_authn_sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_maxminddb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_vhostdb_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'lighttpd-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_gssapi-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_ldap-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_pam-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_authn_sasl-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_magnet-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_maxminddb-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_rrdtool-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_vhostdb_dbi-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_vhostdb_ldap-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_vhostdb_mysql-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_vhostdb_pgsql-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lighttpd-mod_webdav-1.4.66-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd / lighttpd-mod_authn_gssapi / lighttpd-mod_authn_ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:06", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5243 advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-29T00:00:00", "type": "nessus", "title": "Debian DSA-5243-1 : lighttpd - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:lighttpd", "p-cpe:/a:debian:debian_linux:lighttpd-doc", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam", "p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-cml", "p-cpe:/a:debian:debian_linux:lighttpd-mod-deflate", "p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip", "p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet", "p-cpe:/a:debian:debian_linux:lighttpd-mod-maxminddb", "p-cpe:/a:debian:debian_linux:lighttpd-mod-mbedtls", "p-cpe:/a:debian:debian_linux:lighttpd-mod-nss", "p-cpe:/a:debian:debian_linux:lighttpd-mod-openssl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi", "p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql", "p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav", "p-cpe:/a:debian:debian_linux:lighttpd-mod-wolfssl", "p-cpe:/a:debian:debian_linux:lighttpd-modules-dbi", "p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap", "p-cpe:/a:debian:debian_linux:lighttpd-modules-lua", "p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5243.NASL", "href": "https://www.tenable.com/plugins/nessus/165548", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5243. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165548);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-37797\", \"CVE-2022-41556\");\n\n script_name(english:\"Debian DSA-5243-1 : lighttpd - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5243 advisory.\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/lighttpd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-37797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-41556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/lighttpd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the lighttpd packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 1.4.59-1+deb11u2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-authn-sasl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-maxminddb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-mbedtls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-trigger-b4-dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-vhostdb-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-mod-wolfssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-dbi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd-modules-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'lighttpd', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-doc', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-gssapi', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-pam', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-authn-sasl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-cml', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-deflate', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-geoip', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-magnet', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-maxminddb', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-mbedtls', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-nss', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-openssl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-trigger-b4-dl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-vhostdb-dbi', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-vhostdb-pgsql', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-webdav', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-mod-wolfssl', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-dbi', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-ldap', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-lua', 'reference': '1.4.59-1+deb11u2'},\n {'release': '11.0', 'prefix': 'lighttpd-modules-mysql', 'reference': '1.4.59-1+deb11u2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lighttpd / lighttpd-doc / lighttpd-mod-authn-gssapi / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:51", "description": "The remote host is affected by the vulnerability described in GLSA-202210-12 (Lighttpd: Denial of Service)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-31T00:00:00", "type": "nessus", "title": "GLSA-202210-12 : Lighttpd: Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-10-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:lighttpd", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202210-12.NASL", "href": "https://www.tenable.com/plugins/nessus/166723", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202210-12.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166723);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/31\");\n\n script_cve_id(\"CVE-2022-37797\", \"CVE-2022-41556\");\n\n script_name(english:\"GLSA-202210-12 : Lighttpd: Denial of Service\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202210-12 (Lighttpd: Denial of Service)\n\n - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request\n (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could\n be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\n - A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service\n (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to\n RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected.\n This is fixed in 1.4.67. (CVE-2022-41556)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202210-12\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=869890\");\n script_set_attribute(attribute:\"solution\", value:\n\"All lighttpd users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-servers/lighttpd-1.4.67\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude('qpkg.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');\nif (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : 'www-servers/lighttpd',\n 'unaffected' : make_list(\"ge 1.4.67\", \"lt 1.0.0\"),\n 'vulnerable' : make_list(\"lt 1.4.67\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Lighttpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-21T21:40:45", "description": "This Solaris system is missing necessary patches to address critical security updates :\n\n - Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (glibc)). Supported versions that are affected are 8.4, 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H).\n (CVE-2022-23219)\n\n - Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (glibc)). The supported version that is affected is 22.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\n (CVE-2022-23218)\n\n - Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component:\n Policy (GNU Libtasn1)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy.\n Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).\n (CVE-2021-46848)\n\n - Vulnerability in the Oracle Text (LibExpat) component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Index privilege with network access via Oracle Net to compromise Oracle Text (LibExpat). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Text (LibExpat). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-43680)\n\n - Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Python)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.\n CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-45061)\n\n - Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.1 Base Score 4.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L).\n (CVE-2023-21900)", "cvss3": {}, "published": "2023-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Critical Patch Update : jan2023_SRU11_4_53_132_2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46848", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-3204", "CVE-2022-3276", "CVE-2022-37797", "CVE-2022-39253", "CVE-2022-39260", "CVE-2022-3970", "CVE-2022-41556", "CVE-2022-43680", "CVE-2022-44638", "CVE-2022-45061", "CVE-2022-45063", "CVE-2022-46872", "CVE-2022-46874", "CVE-2022-46875", "CVE-2022-46878", "CVE-2022-46880", "CVE-2022-46881", "CVE-2022-46882", "CVE-2023-21900"], "modified": "2023-07-21T00:00:00", "cpe": ["cpe:/o:oracle:solaris"], "id": "SOLARIS_JAN2023_SRU11_4_53_132_2.NASL", "href": "https://www.tenable.com/plugins/nessus/170171", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle CPU for jan2023.\n#\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(170171);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/21\");\n\n script_cve_id(\"CVE-2021-46848\", \"CVE-2022-23218\", \"CVE-2022-23219\", \"CVE-2022-3204\", \"CVE-2022-3276\", \"CVE-2022-37797\", \"CVE-2022-39253\", \"CVE-2022-39260\", \"CVE-2022-3970\", \"CVE-2022-41556\", \"CVE-2022-43680\", \"CVE-2022-44638\", \"CVE-2022-45061\", \"CVE-2022-45063\", \"CVE-2022-46872\", \"CVE-2022-46874\", \"CVE-2022-46875\", \"CVE-2022-46878\", \"CVE-2022-46880\", \"CVE-2022-46881\", \"CVE-2022-46882\", \"CVE-2023-21900\");\n script_xref(name:\"IAVA\", value:\"2023-A-0046\");\n\n script_name(english:\"Oracle Solaris Critical Patch Update : jan2023_SRU11_4_53_132_2\");\n script_summary(english:\"Check for the jan2023 CPU\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Solaris system is missing a security patch from CPU\njan2023.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This Solaris system is missing necessary patches to address critical\nsecurity updates :\n\n - Vulnerability in the Oracle Communications Session\n Border Controller product of Oracle Communications\n (component: Routing (glibc)). Supported versions that\n are affected are 8.4, 9.0 and 9.1. Difficult to exploit\n vulnerability allows unauthenticated attacker with\n network access via HTTP to compromise Oracle\n Communications Session Border Controller. Successful\n attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash\n (complete DOS) of Oracle Communications Session Border\n Controller as well as unauthorized update, insert or\n delete access to some of Oracle Communications Session\n Border Controller accessible data and unauthorized read\n access to a subset of Oracle Communications Session\n Border Controller accessible data. CVSS 3.1 Base Score\n 7.0 (Confidentiality, Integrity and Availability\n impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H).\n (CVE-2022-23219)\n\n - Vulnerability in the Oracle Communications Cloud Native\n Core Unified Data Repository product of Oracle\n Communications (component: Signaling (glibc)). The\n supported version that is affected is 22.1.1. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via HTTP to compromise\n Oracle Communications Cloud Native Core Unified Data\n Repository. Successful attacks of this vulnerability can\n result in takeover of Oracle Communications Cloud Native\n Core Unified Data Repository. CVSS 3.1 Base Score 9.8\n (Confidentiality, Integrity and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\n (CVE-2022-23218)\n\n - Vulnerability in the Oracle Communications Cloud Native\n Core Policy product of Oracle Communications (component:\n Policy (GNU Libtasn1)). Supported versions that are\n affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily\n exploitable vulnerability allows unauthenticated\n attacker with network access via HTTPS to compromise\n Oracle Communications Cloud Native Core Policy.\n Successful attacks of this vulnerability can result in\n unauthorized access to critical data or complete access\n to all Oracle Communications Cloud Native Core Policy\n accessible data and unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of Oracle\n Communications Cloud Native Core Policy. CVSS 3.1 Base\n Score 9.1 (Confidentiality and Availability impacts).\n CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).\n (CVE-2021-46848)\n\n - Vulnerability in the Oracle Text (LibExpat) component of\n Oracle Database Server. Supported versions that are\n affected are 19.3-19.19 and 21.3-21.10. Easily\n exploitable vulnerability allows low privileged attacker\n having Create Session, Create Index privilege with\n network access via Oracle Net to compromise Oracle Text\n (LibExpat). Successful attacks of this vulnerability can\n result in unauthorized ability to cause a hang or\n frequently repeatable crash (complete DOS) of Oracle\n Text (LibExpat). CVSS 3.1 Base Score 6.5 (Availability\n impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-43680)\n\n - Vulnerability in the PeopleSoft Enterprise PeopleTools\n product of Oracle PeopleSoft (component: Porting\n (Python)). Supported versions that are affected are 8.59\n and 8.60. Easily exploitable vulnerability allows\n unauthenticated attacker with network access via HTTP to\n compromise PeopleSoft Enterprise PeopleTools. Successful\n attacks of this vulnerability can result in unauthorized\n ability to cause a hang or frequently repeatable crash\n (complete DOS) of PeopleSoft Enterprise PeopleTools.\n CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).\n (CVE-2022-45061)\n\n - Vulnerability in the Oracle Solaris product of Oracle\n Systems (component: NSSwitch). Supported versions that\n are affected are 10 and 11. Difficult to exploit\n vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise\n Oracle Solaris. Successful attacks require human\n interaction from a person other than the attacker and\n while the vulnerability is in Oracle Solaris, attacks\n may significantly impact additional products (scope\n change). Successful attacks of this vulnerability can\n result in unauthorized update, insert or delete access\n to some of Oracle Solaris accessible data and\n unauthorized ability to cause a partial denial of\n service (partial DOS) of Oracle Solaris. CVSS 3.1 Base\n Score 4.0 (Integrity and Availability impacts). CVSS\n Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L).\n (CVE-2023-21900)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2920776.1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/docs/tech/security-alerts/cpujan2023cvrf.xml\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/security-alerts/cpujan2023.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Install the jan2023 CPU from the Oracle support website.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\n\n\nfix_release = \"11.4-11.4.53.0.1.132.2\";\n\nflag = 0;\n\nif (solaris_check_release(release:\"11.4-11.4.53.0.1.132.2\", sru:\"11.4.53.132.2\") > 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report2());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_OS_RELEASE_NOT, \"Solaris\", fix_release, release);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2023-06-03T20:08:23", "description": "lighttpd is vulnerable to denial of service. The vulnerability exists due to a lack of initialization when an invalide HTTP request (websocket handshake) leading to a null pointer dereference allowing an attacker to crash the system. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-17T17:55:59", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797"], "modified": "2022-12-03T06:32:03", "id": "VERACODE:37103", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37103/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-10-03T21:11:07", "description": "\nAn invalid HTTP request (websocket handshake) may cause a `NULL`\npointer dereference in the wstunnel module.\n\n\nFor Debian 10 buster, this problem has been fixed in version\n1.4.53-4+deb10u3.\n\n\nWe recommend that you upgrade your lighttpd packages.\n\n\nFor the detailed security status of lighttpd please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/lighttpd>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2022-10-03T00:00:00", "type": "osv", "title": "lighttpd - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-37797"], "modified": "2022-10-03T21:11:04", "id": "OSV:DLA-3133-1", "href": "https://osv.dev/vulnerability/DLA-3133-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T06:51:14", "description": "\nSeveral vulnerabilities were discovered in lighttpd, a fast webserver\nwith minimal memory footprint.\n\n\n* [CVE-2022-37797](https://security-tracker.debian.org/tracker/CVE-2022-37797)\nAn invalid HTTP request (websocket handshake) may cause a NULL\n pointer dereference in the wstunnel module.\n* [CVE-2022-41556](https://security-tracker.debian.org/tracker/CVE-2022-41556)\nA resource leak in mod\\_fastcgi and mod\\_scgi could lead to a denial\n of service after a large number of bad HTTP requests.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.4.59-1+deb11u2.\n\n\nWe recommend that you upgrade your lighttpd packages.\n\n\nFor the detailed security status of lighttpd please refer to its\nsecurity tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/lighttpd](https://security-tracker.debian.org/tracker/lighttpd)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-28T00:00:00", "type": "osv", "title": "lighttpd - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2023-06-28T06:50:30", "id": "OSV:DSA-5243-1", "href": "https://osv.dev/vulnerability/DSA-5243-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-08-15T19:47:11", "description": "In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-12T15:15:00", "type": "prion", "title": "CVE-2022-37797", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797"], "modified": "2022-12-03T01:11:00", "id": "PRION:CVE-2022-37797", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-37797", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-07-27T18:52:42", "description": "In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function\npointer if an invalid HTTP request (websocket handshake) is received. It\nleads to null pointer dereference which crashes the server. It could be\nused by an external attacker to cause denial of service condition.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-12T00:00:00", "type": "ubuntucve", "title": "CVE-2022-37797", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797"], "modified": "2022-09-12T00:00:00", "id": "UB:CVE-2022-37797", "href": "https://ubuntu.com/security/CVE-2022-37797", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-06-03T18:12:14", "description": "In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-12T15:15:00", "type": "debiancve", "title": "CVE-2022-37797", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797"], "modified": "2022-09-12T15:15:00", "id": "DEBIANCVE:CVE-2022-37797", "href": "https://security-tracker.debian.org/tracker/CVE-2022-37797", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2023-06-03T14:58:02", "description": "**Issue Overview:**\n\nIn lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)\n\n \n**Affected Packages:** \n\n\nlighttpd\n\n \n**Issue Correction:** \nRun _yum update lighttpd_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 lighttpd-mod_authn_gssapi-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-debuginfo-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-fastcgi-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-mod_mysql_vhost-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-mod_authn_mysql-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-mod_geoip-1.4.53-1.37.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-mod_authn_pam-1.4.53-1.37.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 lighttpd-1.4.53-1.37.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 lighttpd-fastcgi-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-mod_authn_mysql-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-mod_geoip-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-mod_authn_gssapi-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-mod_authn_pam-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-mod_mysql_vhost-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-debuginfo-1.4.53-1.37.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-1.4.53-1.37.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2022-37797](<https://access.redhat.com/security/cve/CVE-2022-37797>)\n\nMitre: [CVE-2022-37797](<https://vulners.com/cve/CVE-2022-37797>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-17T15:53:00", "type": "amazon", "title": "Important: lighttpd", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797"], "modified": "2023-03-22T18:51:00", "id": "ALAS-2023-1705", "href": "https://alas.aws.amazon.com/ALAS-2023-1705.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redos": [{"lastseen": "2023-09-08T14:27:37", "description": "Vulnerability of lighttpd web server is related to a null pointer dereferencing error in mod_wstunnel module\r\n module when processing invalid HTTP requests. Exploitation of the vulnerability could allow an attacker,\r\n remotely, send specially crafted HTTP requests to a vulnerable web server and execute a denial of service attack.\r\n A denial of service (DoS) attack", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-04T00:00:00", "type": "redos", "title": "ROS-20221004-02", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797"], "modified": "2022-10-04T00:00:00", "id": "ROS-20221004-02", "href": "https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-lighttpd-cve-2022-37797/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2023-06-03T15:12:48", "description": "In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797) A resource leak in mod_fastcgi and mod_scgi could lead to a denial of service after a large number of bad HTTP requests. (CVE-2022-41556) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-13T20:05:19", "type": "mageia", "title": "Updated lighttpd packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-10-13T20:05:19", "id": "MGASA-2022-0369", "href": "https://advisories.mageia.org/MGASA-2022-0369.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2023-06-03T15:07:29", "description": "### Background\n\nLighttpd is a lightweight high-performance web server.\n\n### Description\n\nLighttpd's mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received.\n\n### Impact\n\nAn attacker can trigger a denial of service via making Lighttpd try to call an uninitialized function pointer.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll lighttpd users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/lighttpd-1.4.67\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-31T00:00:00", "type": "gentoo", "title": "Lighttpd: Denial of Service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37797", "CVE-2022-41556"], "modified": "2022-10-31T00:00:00", "id": "GLSA-202210-12", "href": "https://security.gentoo.org/glsa/202210-12", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}

Security update for lighttpd (moderate)

Description

Affected Package

Related