ID UB:CVE-2013-4508 Type ubuntucve Reporter ubuntu.com Modified 2013-11-08T00:00:00
Description
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers,
which makes it easier for remote attackers to hijack sessions by inserting
packets into the client-server data stream or obtain sensitive information
by sniffing the network.
{"cve": [{"lastseen": "2022-03-23T13:39:36", "description": "lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-11-08T04:47:00", "type": "cve", "title": "CVE-2013-4508", "cwe": ["CWE-326"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4508"], "modified": "2021-02-26T15:11:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:lighttpd:lighttpd:1.4.33", "cpe:/o:opensuse:opensuse:12.3", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:opensuse:opensuse:12.2", "cpe:/o:debian:debian_linux:6.0"], "id": "CVE-2013-4508", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4508", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:lighttpd:lighttpd:1.4.33:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-03-26T15:37:38", "description": "lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-11-08T04:47:00", "type": "debiancve", "title": "CVE-2013-4508", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4508"], "modified": "2013-11-08T04:47:00", "id": "DEBIANCVE:CVE-2013-4508", "href": "https://security-tracker.debian.org/tracker/CVE-2013-4508", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:49", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2795-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nNovember 13, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : lighttpd\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2013-4508 CVE-2013-4559 CVE-2013-4560\r\nDebian Bug : 729453\r\n\r\nSeveral vulnerabilities have been discovered in the lighttpd web server.\r\n\r\nCVE-2013-4508\r\n\r\n It was discovered that lighttpd uses weak ssl ciphers when SNI (Server\r\n Name Indication) is enabled. This issue was solved by ensuring that\r\n stronger ssl ciphers are used when SNI is selected.\r\n\r\nCVE-2013-4559\r\n\r\n The clang static analyzer was used to discover privilege escalation\r\n issues due to missing checks around lighttpd's setuid, setgid, and\r\n setgroups calls. Those are now appropriately checked.\r\n\r\nCVE-2013-4560\r\n\r\n The clang static analyzer was used to discover a use-after-free issue\r\n when the FAM stat cache engine is enabled, which is now fixed.\r\n\r\nFor the oldstable distribution (squeeze), these problems have been fixed in\r\nversion 1.4.28-2+squeeze1.4.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 1.4.31-4+deb7u1.\r\n\r\nFor the testing distribution (jessie), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion lighttpd_1.4.33-1+nmu1.\r\n\r\nWe recommend that you upgrade your lighttpd packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.15 (GNU/Linux)\r\n\r\niQQcBAEBCgAGBQJSgxenAAoJELjWss0C1vRzHPsgALdWQO7rsEWwjjP8fbQxsnTb\r\n7iNsBV66hCZ6W2xlSo8rVysE1QDqAptwwX3Xq0JHteM9edFlSUTyR8ir6P7Y1ISY\r\nRnBJBj3b52m+Ni/9itsiCsO+nxTwy7YI9E/mFX4/fqHBsBZ/bm/cLOcdE9pnBTyx\r\nGHMR4i1IsvrBNH0hcfnAWf2mlvX24Mvu2ViLJsPN9pjJIVtmuMFAh1LLfKvwJ104\r\ncBAMocie4KW7UtWTt6/cdXd306Sd4UbR/X5QVenvBLeFqoTStftXf91SvNjKzfO4\r\nup23uZ+CADam0mGoqDf5YnvUeCNjvKIDgHUFKMWcQ3lJgX1vOwkUP5+3WDHUI5Y+\r\nEFGYzf2/k2XL7cHykFXjHgIYrbpRHSru6attY2cC8dqMkPB6bkqXkErC3bZL67TX\r\n7Gfdm/ruVpjE3JUrxGbA9nfXYr2L2lysouTgkuP7BDB4gPYRQvmVNIaj9QXbQ66D\r\ns89PfkkHM1jqBM7+mhzanBcntf4c0buB2FwWZV9tKBel2Q0fxOTCpn1seerJzWwR\r\nWF7Ivl234rqm8AQil/KOFfx5LEd2hnfLEm04na9ujy6dzHEIP5jQ5qlckJYWj6br\r\n0bF5UnQu1I+A8z67NFdBdWgyzar0XNXkgGALPM1/59OquVKuWbqUrsZvxxv288ku\r\nFXuNnzkCs8eXGGJIl5CKABfTh7AfOXMd9dCYyDw6sA7ZlTjW/tebjrFGbyUqv5Ny\r\nZA6aweTymAzXLZ7md7hHHYDuVMLJQuLRel3DPlbThhrxa8sMsn7r51CnMS9WDxnY\r\nmwX1xpWdykttmWad6cv4K3sr73+N5SDQfaxES/Q0QVUvWjsmFYEF7aibcobaiRoO\r\n1lpZe1ThsCokR7l/o+Ja2X+sSC6mA8M+SJ83u8sfFC/Z40r3+l0sV8W7a8dQNXdt\r\ns3mGMZsFpBqcvbHNmqL11eziNekuB7W+Tngk/5cJQ07f149JtvW7yJs7X64nSmER\r\np9smvZWC0CwKuWw8U6YwvIwcZgfGjfzUlcgMmD0n+jNtymVXbDDWyxBKuGXc1JMJ\r\n6SFw59/0YgidhP8SVvQ+a2BcgO7c+Ks7uz2dcuSPvsU8CCn1XLDzApcWNzkuUjsz\r\n7oYf10AkJ770BeMg7OzmZV1lHP3JXTZeM13ae9Y+14nq0ykY4hPGcEJN15K7Esnk\r\n1uNrI8cmAK+5IkgsjEkUidF7xvsfrMX/Fu3f0uMXZCOl+Rest5yHzncqe3V/CfG6\r\nOpLsHr+unMRZ107p8xSmV/CpzWuuR9rRNdH9Cle7omjF066nP/J8KskS5zWTJoPw\r\nzmJuow5+H2uiffE+Q29u6WgCNOEp2XXrgXNLxH6RXJiSIHk//3vwrw+tPRe8D+M=\r\n=cCF1\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2013-11-18T00:00:00", "title": "[SECURITY] [DSA 2795-1] lighttpd security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4560", "CVE-2013-4559"], "modified": "2013-11-18T00:00:00", "id": "SECURITYVULNS:DOC:30003", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30003", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:53", "description": "Protection bypass, privilege escalation, memory corruption.", "edition": 1, "cvss3": {}, "published": "2013-11-18T00:00:00", "title": "lighttpd multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4560", "CVE-2013-4559"], "modified": "2013-11-18T00:00:00", "id": "SECURITYVULNS:VULN:13405", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13405", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2022-04-16T14:02:05", "description": "According to its banner, the version of lighttpd running on the remote host is prior to 1.4.34. It is, therefore, affected by the following vulnerabilities :\n\n - When Server Name Indication (SNI) is enabled, a flaw exists that could cause the application to use all available SSL ciphers, including weak ciphers. Remote attackers could potentially hijack sessions or obtain sensitive information by sniffing the network.\n Note only versions 1.4.24 to 1.4.33 are affected.\n (CVE-2013-4508)\n\n - A flaw exists in the clang static analyzer because it fails to perform checks around setuid (1), setgid (2), and setgroups (3) calls. This could allow a remote attacker to gain elevated privileges. (CVE-2013-4559)\n\n - A use-after-free error exists in the clang static analyzer, when the FAM stat cache engine is enabled.\n This could allow remote attackers to dereference already freed memory and crash the program.\n (CVE-2013-4560)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-03-05T00:00:00", "type": "nessus", "title": "lighttpd < 1.4.34 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2018-07-13T00:00:00", "cpe": ["cpe:/a:lighttpd:lighttpd"], "id": "LIGHTTPD_1_4_34.NASL", "href": "https://www.tenable.com/plugins/nessus/72815", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72815);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/13 15:08:46\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_bugtraq_id(63534, 63686, 63688);\n\n script_name(english:\"lighttpd < 1.4.34 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of lighttpd running on the remote\nhost is prior to 1.4.34. It is, therefore, affected by the following\nvulnerabilities :\n\n - When Server Name Indication (SNI) is enabled, a flaw\n exists that could cause the application to use all\n available SSL ciphers, including weak ciphers. Remote\n attackers could potentially hijack sessions or obtain\n sensitive information by sniffing the network.\n Note only versions 1.4.24 to 1.4.33 are affected.\n (CVE-2013-4508)\n\n - A flaw exists in the clang static analyzer because it\n fails to perform checks around setuid (1), setgid (2),\n and setgroups (3) calls. This could allow a remote\n attacker to gain elevated privileges. (CVE-2013-4559)\n\n - A use-after-free error exists in the clang static\n analyzer, when the FAM stat cache engine is enabled.\n This could allow remote attackers to dereference\n already freed memory and crash the program.\n (CVE-2013-4560)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.lighttpd.net/2014/1/20/1-4-34/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://redmine.lighttpd.net/issues/2525\");\n script_set_attribute(attribute:\"see_also\", value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to lighttpd version 1.4.34 or later. Alternatively, apply the\nvendor-supplied patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/05\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:lighttpd:lighttpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lighttpd_detect.nasl\");\n script_require_keys(\"installed_sw/lighttpd\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nappname = \"lighttpd\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\nport = get_http_port(default:80);\napp_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [{\"fixed_version\":\"1.4.34\"}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:07:23", "description": "- added cve-2013-4508.patch and cve-2013-4508-regression-bug729480.patch: (bnc#849059) When defining an ssl.cipher-list, it works for the 'default' HTTPS setup ($SERVER['socket'] 443 block), but when you utilize SNI ($HTTP['host'] blocks within the $SERVER['socket'] block) the ssl.cipher-list seems to not inherit into the host blocks and instead will default to include all of the available openssl ciphers (except SSL v2/v3 based if those are disabled)\n\n - added cve-2013-4559.patch (bnc#850468) check success of setuid,setgid,setgroups\n\n - added cve-2013-4560.patch (bnc#850469) FAM: fix use after free\n\n - added cve-2013-4508.patch and cve-2013-4508-regression-bug729480.patch: (bnc#849059) When defining an ssl.cipher-list, it works for the 'default' HTTPS setup ($SERVER['socket'] 443 block), but when you utilize SNI ($HTTP['host'] blocks within the $SERVER['socket'] block) the ssl.cipher-list seems to not inherit into the host blocks and instead will default to include all of the available openssl ciphers (except SSL v2/v3 based if those are disabled)\n\n - added cve-2013-4559.patch (bnc#850468) check success of setuid,setgid,setgroups\n\n - added cve-2013-4560.patch (bnc#850469) FAM: fix use after free\n\n - added cve-2013-4508.patch and cve-2013-4508-regression-bug729480.patch: (bnc#849059) When defining an ssl.cipher-list, it works for the 'default' HTTPS setup ($SERVER['socket'] 443 block), but when you utilize SNI ($HTTP['host'] blocks within the $SERVER['socket'] block) the ssl.cipher-list seems to not inherit into the host blocks and instead will default to include all of the available openssl ciphers (except SSL v2/v3 based if those are disabled)\n\n - added cve-2013-4559.patch (bnc#850468) check success of setuid,setgid,setgroups\n\n - added cve-2013-4560.patch (bnc#850469) FAM: fix use after free", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : lighttpd (openSUSE-SU-2014:0072-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:lighttpd", "p-cpe:/a:novell:opensuse:lighttpd-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-debugsource", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml", "p-cpe:/a:novell:opensuse:lighttpd-mod_cml-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_geoip", "p-cpe:/a:novell:opensuse:lighttpd-mod_geoip-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet", "p-cpe:/a:novell:opensuse:lighttpd-mod_magnet-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost", "p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool", "p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl", "p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl-debuginfo", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav", "p-cpe:/a:novell:opensuse:lighttpd-mod_webdav-debuginfo", "cpe:/o:novell:opensuse:12.2", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-43.NASL", "href": "https://www.tenable.com/plugins/nessus/75389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-43.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75389);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_bugtraq_id(63534, 63686, 63688);\n\n script_name(english:\"openSUSE Security Update : lighttpd (openSUSE-SU-2014:0072-1)\");\n script_summary(english:\"Check for the openSUSE-2014-43 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - added cve-2013-4508.patch and\n cve-2013-4508-regression-bug729480.patch: (bnc#849059)\n When defining an ssl.cipher-list, it works for the\n 'default' HTTPS setup ($SERVER['socket'] 443 block), but\n when you utilize SNI ($HTTP['host'] blocks within the\n $SERVER['socket'] block) the ssl.cipher-list seems to\n not inherit into the host blocks and instead will\n default to include all of the available openssl ciphers\n (except SSL v2/v3 based if those are disabled)\n\n - added cve-2013-4559.patch (bnc#850468) check success of\n setuid,setgid,setgroups\n\n - added cve-2013-4560.patch (bnc#850469) FAM: fix use\n after free\n\n - added cve-2013-4508.patch and\n cve-2013-4508-regression-bug729480.patch: (bnc#849059)\n When defining an ssl.cipher-list, it works for the\n 'default' HTTPS setup ($SERVER['socket'] 443 block), but\n when you utilize SNI ($HTTP['host'] blocks within the\n $SERVER['socket'] block) the ssl.cipher-list seems to\n not inherit into the host blocks and instead will\n default to include all of the available openssl ciphers\n (except SSL v2/v3 based if those are disabled)\n\n - added cve-2013-4559.patch (bnc#850468) check success of\n setuid,setgid,setgroups\n\n - added cve-2013-4560.patch (bnc#850469) FAM: fix use\n after free\n\n - added cve-2013-4508.patch and\n cve-2013-4508-regression-bug729480.patch: (bnc#849059)\n When defining an ssl.cipher-list, it works for the\n 'default' HTTPS setup ($SERVER['socket'] 443 block), but\n when you utilize SNI ($HTTP['host'] blocks within the\n $SERVER['socket'] block) the ssl.cipher-list seems to\n not inherit into the host blocks and instead will\n default to include all of the available openssl ciphers\n (except SSL v2/v3 based if those are disabled)\n\n - added cve-2013-4559.patch (bnc#850468) check success of\n setuid,setgid,setgroups\n\n - added cve-2013-4560.patch (bnc#850469) FAM: fix use\n after free\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=849059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=850468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=850469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_cml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_geoip-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_magnet-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_mysql_vhost-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_rrdtool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_trigger_b4_dl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lighttpd-mod_webdav-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-debugsource-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_cml-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_cml-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_geoip-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_geoip-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_magnet-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_magnet-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_mysql_vhost-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_mysql_vhost-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_rrdtool-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_rrdtool-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_trigger_b4_dl-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_webdav-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"lighttpd-mod_webdav-debuginfo-1.4.31-4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-debugsource-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_cml-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_cml-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_geoip-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_geoip-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_magnet-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_magnet-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_mysql_vhost-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_mysql_vhost-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_rrdtool-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_rrdtool-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_trigger_b4_dl-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_webdav-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"lighttpd-mod_webdav-debuginfo-1.4.31-6.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-debugsource-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_cml-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_cml-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_geoip-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_geoip-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_magnet-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_magnet-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_mysql_vhost-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_mysql_vhost-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_rrdtool-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_rrdtool-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_trigger_b4_dl-debuginfo-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_webdav-1.4.32-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"lighttpd-mod_webdav-debuginfo-1.4.32-2.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-debuginfo / lighttpd-debugsource / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:01:17", "description": "Enable building with PIE Latest upstream, multiple security fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/ Latest upstream, multiple security fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-24T00:00:00", "type": "nessus", "title": "Fedora 19 : lighttpd-1.4.34-3.fc19 (2014-2506)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-2506.NASL", "href": "https://www.tenable.com/plugins/nessus/72652", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-2506.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72652);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_bugtraq_id(63534, 63686, 63688);\n script_xref(name:\"FEDORA\", value:\"2014-2506\");\n\n script_name(english:\"Fedora 19 : lighttpd-1.4.34-3.fc19 (2014-2506)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Enable building with PIE Latest upstream, multiple security fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/ Latest upstream, multiple\nsecurity fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.lighttpd.net/2014/1/20/1-4-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=879185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=955145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=994444\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128961.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1cdbb32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"lighttpd-1.4.34-3.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:01:30", "description": "Enable building with PIE Latest upstream, multiple security fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/ Latest upstream, multiple security fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-24T00:00:00", "type": "nessus", "title": "Fedora 20 : lighttpd-1.4.34-3.fc20 (2014-2495)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:lighttpd", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-2495.NASL", "href": "https://www.tenable.com/plugins/nessus/72651", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-2495.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72651);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_bugtraq_id(63534, 63686, 63688);\n script_xref(name:\"FEDORA\", value:\"2014-2495\");\n\n script_name(english:\"Fedora 20 : lighttpd-1.4.34-3.fc20 (2014-2495)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Enable building with PIE Latest upstream, multiple security fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/ Latest upstream, multiple\nsecurity fixes.\n\nhttp://www.lighttpd.net/2014/1/20/1-4-34/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.lighttpd.net/2014/1/20/1-4-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1026568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=879185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=955145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=994444\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128980.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a292323\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lighttpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"lighttpd-1.4.34-3.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:01:42", "description": "lighttpd security advisories report :\n\nIt is possible to inadvertantly enable vulnerable ciphers when using ssl.cipher-list.\n\nIn certain cases setuid() and similar can fail, potentially triggering lighttpd to restart running as root.\n\nIf FAMMonitorDirectory fails, the memory intended to store the context is released; some lines below the 'version' compoment of that context is read. Reading invalid data doesn't matter, but the memory access could trigger a segfault.", "cvss3": {"score": null, "vector": null}, "published": "2014-02-14T00:00:00", "type": "nessus", "title": "FreeBSD : lighttpd -- multiple vulnerabilities (90b27045-9530-11e3-9d09-000c2980a9f3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:lighttpd", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_90B27045953011E39D09000C2980A9F3.NASL", "href": "https://www.tenable.com/plugins/nessus/72494", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72494);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n\n script_name(english:\"FreeBSD : lighttpd -- multiple vulnerabilities (90b27045-9530-11e3-9d09-000c2980a9f3)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"lighttpd security advisories report :\n\nIt is possible to inadvertantly enable vulnerable ciphers when using\nssl.cipher-list.\n\nIn certain cases setuid() and similar can fail, potentially triggering\nlighttpd to restart running as root.\n\nIf FAMMonitorDirectory fails, the memory intended to store the context\nis released; some lines below the 'version' compoment of that context\nis read. Reading invalid data doesn't matter, but the memory access\ncould trigger a segfault.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/90b27045-9530-11e3-9d09-000c2980a9f3.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?17e31e6a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"lighttpd<1.4.34\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:02:31", "description": "Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.\n\nlighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.\n\nlighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : lighttpd (ALAS-2014-299)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:lighttpd", "p-cpe:/a:amazon:linux:lighttpd-debuginfo", "p-cpe:/a:amazon:linux:lighttpd-fastcgi", "p-cpe:/a:amazon:linux:lighttpd-mod_geoip", "p-cpe:/a:amazon:linux:lighttpd-mod_mysql_vhost", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-299.NASL", "href": "https://www.tenable.com/plugins/nessus/72947", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-299.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72947);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_xref(name:\"ALAS\", value:\"2014-299\");\n\n script_name(english:\"Amazon Linux AMI : lighttpd (ALAS-2014-299)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Use-after-free vulnerability in lighttpd before 1.4.33 allows remote\nattackers to cause a denial of service (segmentation fault and crash)\nvia unspecified vectors that trigger FAMMonitorDirectory failures.\n\nlighttpd before 1.4.34, when SNI is enabled, configures weak SSL\nciphers, which makes it easier for remote attackers to hijack sessions\nby inserting packets into the client-server data stream or obtain\nsensitive information by sniffing the network.\n\nlighttpd before 1.4.33 does not check the return value of the (1)\nsetuid, (2) setgid, or (3) setgroups functions, which might cause\nlighttpd to run as root if it is restarted and allows remote attackers\nto gain privileges, as demonstrated by multiple calls to the clone\nfunction that cause setuid to fail when the user process limit is\nreached.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-299.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update lighttpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-fastcgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_geoip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-1.4.34-4.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-debuginfo-1.4.34-4.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-fastcgi-1.4.34-4.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-mod_geoip-1.4.34-4.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"lighttpd-mod_mysql_vhost-1.4.34-4.12.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd / lighttpd-debuginfo / lighttpd-fastcgi / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T18:43:24", "description": "Updated lighttpd packages fix security vulnerabilities :\n\nlighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network (CVE-2013-4508).\n\nIn lighttpd before 1.4.34, if setuid() fails for any reason, for instance if an environment limits the number of processes a user can have and the target uid already is at the limit, lighttpd will run as root. A user who can run CGI scripts could clone() often; in this case a lighttpd restart would end up with lighttpd running as root, and the CGI scripts would run as root too (CVE-2013-4559).\n\nIn lighttpd before 1.4.34, if fam is enabled and there are directories reachable from configured doc roots and aliases on which FAMMonitorDirectory fails, a remote client could trigger a DoS (CVE-2013-4560).", "cvss3": {"score": null, "vector": null}, "published": "2013-11-22T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : lighttpd (MDVSA-2013:277)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lighttpd", "p-cpe:/a:mandriva:linux:lighttpd-mod_auth", "p-cpe:/a:mandriva:linux:lighttpd-mod_cml", "p-cpe:/a:mandriva:linux:lighttpd-mod_compress", "p-cpe:/a:mandriva:linux:lighttpd-mod_magnet", "p-cpe:/a:mandriva:linux:lighttpd-mod_mysql_vhost", "p-cpe:/a:mandriva:linux:lighttpd-mod_trigger_b4_dl", "p-cpe:/a:mandriva:linux:lighttpd-mod_webdav", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2013-277.NASL", "href": "https://www.tenable.com/plugins/nessus/71031", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:277. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71031);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_bugtraq_id(63534, 63686, 63688);\n script_xref(name:\"MDVSA\", value:\"2013:277\");\n\n script_name(english:\"Mandriva Linux Security Advisory : lighttpd (MDVSA-2013:277)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated lighttpd packages fix security vulnerabilities :\n\nlighttpd before 1.4.34, when SNI is enabled, configures weak SSL\nciphers, which makes it easier for remote attackers to hijack sessions\nby inserting packets into the client-server data stream or obtain\nsensitive information by sniffing the network (CVE-2013-4508).\n\nIn lighttpd before 1.4.34, if setuid() fails for any reason, for\ninstance if an environment limits the number of processes a user can\nhave and the target uid already is at the limit, lighttpd will run as\nroot. A user who can run CGI scripts could clone() often; in this case\na lighttpd restart would end up with lighttpd running as root, and the\nCGI scripts would run as root too (CVE-2013-4559).\n\nIn lighttpd before 1.4.34, if fam is enabled and there are directories\nreachable from configured doc roots and aliases on which\nFAMMonitorDirectory fails, a remote client could trigger a DoS\n(CVE-2013-4560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2013-0334.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_cml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_compress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_magnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_mysql_vhost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_trigger_b4_dl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lighttpd-mod_webdav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_auth-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_cml-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_compress-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_magnet-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_mysql_vhost-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_trigger_b4_dl-1.4.30-6.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lighttpd-mod_webdav-1.4.30-6.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T18:43:09", "description": "Several vulnerabilities have been discovered in the lighttpd web server.\n\nIt was discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate verification.\n\n - CVE-2013-4508 It was discovered that lighttpd uses weak ssl ciphers when SNI (Server Name Indication) is enabled. This issue was solved by ensuring that stronger ssl ciphers are used when SNI is selected.\n\n - CVE-2013-4559 The clang static analyzer was used to discover privilege escalation issues due to missing checks around lighttpd's setuid, setgid, and setgroups calls. Those are now appropriately checked.\n\n - CVE-2013-4560 The clang static analyzer was used to discover a use-after-free issue when the FAM stat cache engine is enabled, which is now fixed.", "cvss3": {"score": null, "vector": null}, "published": "2013-11-21T00:00:00", "type": "nessus", "title": "Debian DSA-2795-2 : lighttpd - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:lighttpd", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2795.NASL", "href": "https://www.tenable.com/plugins/nessus/70982", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2795. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70982);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\");\n script_bugtraq_id(63534, 63686, 63688);\n script_xref(name:\"DSA\", value:\"2795\");\n\n script_name(english:\"Debian DSA-2795-2 : lighttpd - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the lighttpd web\nserver.\n\nIt was discovered that SSL connections with client certificates\nstopped working after the DSA-2795-1 update of lighttpd. An upstream\npatch has now been applied that provides an appropriate identifier for\nclient certificate verification.\n\n - CVE-2013-4508\n It was discovered that lighttpd uses weak ssl ciphers\n when SNI (Server Name Indication) is enabled. This issue\n was solved by ensuring that stronger ssl ciphers are\n used when SNI is selected.\n\n - CVE-2013-4559\n The clang static analyzer was used to discover privilege\n escalation issues due to missing checks around\n lighttpd's setuid, setgid, and setgroups calls. Those\n are now appropriately checked.\n\n - CVE-2013-4560\n The clang static analyzer was used to discover a\n use-after-free issue when the FAM stat cache engine is\n enabled, which is now fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/lighttpd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/lighttpd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2795\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the lighttpd packages.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 1.4.28-2+squeeze1.5.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.4.31-4+deb7u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-doc\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.28-2+squeeze1.5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd\", reference:\"1.4.31-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-doc\", reference:\"1.4.31-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-cml\", reference:\"1.4.31-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-magnet\", reference:\"1.4.31-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-mysql-vhost\", reference:\"1.4.31-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-trigger-b4-dl\", reference:\"1.4.31-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lighttpd-mod-webdav\", reference:\"1.4.31-4+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:57:06", "description": "According to its banner, the version of lighttpd running on the remote host is prior to 1.4.34. It is, therefore, affected by the following vulnerabilities :\n\n - When Server Name Indication (SNI) is enabled, a flaw exists that could cause the application to use all available SSL ciphers, including weak ciphers. Remote attackers could potentially hijack sessions or obtain sensitive information by sniffing the network. Note only versions 1.4.24 to 1.4.33 are affected. (CVE-2013-4508)\n\n - A flaw exists in the clang static analyzer because it fails to perform checks around setuid (1), setgid (2), and setgroups (3) calls. This could allow a remote attacker to gain elevated privileges. (CVE-2013-4559)\n\n - A use-after-free error exists in the clang static analyzer, when the FAM stat cache engine is enabled. This could allow remote attackers to dereference already freed memory and crash the program. (CVE-2013-4560)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "lighttpd < 1.4.34 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_112357", "href": "https://www.tenable.com/plugins/was/112357", "sourceData": "No source data", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:50:10", "description": "The remote host is affected by the vulnerability described in GLSA-201406-10 (lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL statements.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-16T00:00:00", "type": "nessus", "title": "GLSA-201406-10 : lighttpd: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4362", "CVE-2012-5533", "CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560", "CVE-2014-2323"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:lighttpd", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201406-10.NASL", "href": "https://www.tenable.com/plugins/nessus/76062", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201406-10.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76062);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4362\", \"CVE-2012-5533\", \"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\", \"CVE-2014-2323\");\n script_bugtraq_id(50851, 56619, 63534, 63686, 63688, 66153);\n script_xref(name:\"GLSA\", value:\"201406-10\");\n\n script_name(english:\"GLSA-201406-10 : lighttpd: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-10\n(lighttpd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in lighttpd. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could create a Denial of Service condition.\n Futhermore, a remote attacker may be able to execute arbitrary SQL\n statements.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All lighttpd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.35'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:lighttpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/lighttpd\", unaffected:make_list(\"ge 1.4.35\"), vulnerable:make_list(\"lt 1.4.35\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lighttpd\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:37:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-02-25T00:00:00", "type": "openvas", "title": "Fedora Update for lighttpd FEDORA-2014-2495", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4560", "CVE-2013-4559"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867539", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867539", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2014-2495\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867539\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:21:23 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-4560\", \"CVE-2013-4559\", \"CVE-2013-4508\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for lighttpd FEDORA-2014-2495\");\n script_tag(name:\"affected\", value:\"lighttpd on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-2495\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128980.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lighttpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.34~3.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:00:50", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-299)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4560", "CVE-2013-4559"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120162", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120162", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120162\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:18:55 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-299)\");\n script_tag(name:\"insight\", value:\"Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.\");\n script_tag(name:\"solution\", value:\"Run yum update lighttpd to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-299.html\");\n script_cve_id(\"CVE-2013-4560\", \"CVE-2013-4508\", \"CVE-2013-4559\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_geoip\", rpm:\"lighttpd-mod_geoip~1.4.34~4.12.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-fastcgi\", rpm:\"lighttpd-fastcgi~1.4.34~4.12.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-debuginfo\", rpm:\"lighttpd-debuginfo~1.4.34~4.12.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.34~4.12.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"lighttpd-mod_mysql_vhost\", rpm:\"lighttpd-mod_mysql_vhost~1.4.34~4.12.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:56", "description": "Several vulnerabilities have been discovered in the lighttpd web server.\n\nIt was discovered that SSL connections with client certificates\nstopped working after the DSA-2795-1 update of lighttpd. An upstream\npatch has now been applied that provides an appropriate identifier for\nclient certificate verification.\n\nCVE-2013-4508\nIt was discovered that lighttpd uses weak ssl ciphers when SNI (Server\nName Indication) is enabled. This issue was solved by ensuring that\nstronger ssl ciphers are used when SNI is selected.\n\nCVE-2013-4559\nThe clang static analyzer was used to discover privilege escalation\nissues due to missing checks around lighttpd", "cvss3": {}, "published": "2013-11-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2795-2 (lighttpd - several vulnerabilities)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4560", "CVE-2013-4559"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310892795", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892795", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2795.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2795-2 using nvtgen 1.0\n# Script version: 2.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892795\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4560\", \"CVE-2013-4559\");\n script_name(\"Debian Security Advisory DSA 2795-2 (lighttpd - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-17 00:00:00 +0100 (Sun, 17 Nov 2013)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2795.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"lighttpd on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.5.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u2.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion lighttpd_1.4.33-1+nmu1.\n\nFor the testing (jessie) and unstable (sid) distributions, the regression\nproblem will be fixed soon.\n\nWe recommend that you upgrade your lighttpd packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the lighttpd web server.\n\nIt was discovered that SSL connections with client certificates\nstopped working after the DSA-2795-1 update of lighttpd. An upstream\npatch has now been applied that provides an appropriate identifier for\nclient certificate verification.\n\nCVE-2013-4508\nIt was discovered that lighttpd uses weak ssl ciphers when SNI (Server\nName Indication) is enabled. This issue was solved by ensuring that\nstronger ssl ciphers are used when SNI is selected.\n\nCVE-2013-4559\nThe clang static analyzer was used to discover privilege escalation\nissues due to missing checks around lighttpd's setuid, setgid, and\nsetgroups calls. Those are now appropriately checked.\n\nCVE-2013-4560\nThe clang static analyzer was used to discover a use-after-free issue\nwhen the FAM stat cache engine is enabled, which is now fixed.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-02-25T00:00:00", "type": "openvas", "title": "Fedora Update for lighttpd FEDORA-2014-2506", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4560", "CVE-2013-4559"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867540", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867540", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2014-2506\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867540\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:24:40 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-4560\", \"CVE-2013-4559\", \"CVE-2013-4508\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for lighttpd FEDORA-2014-2506\");\n script_tag(name:\"affected\", value:\"lighttpd on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-2506\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128961.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lighttpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.34~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:48:31", "description": "Check for the Version of lighttpd", "cvss3": {}, "published": "2014-02-25T00:00:00", "type": "openvas", "title": "Fedora Update for lighttpd FEDORA-2014-2506", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4560", "CVE-2013-4559"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867540", "href": "http://plugins.openvas.org/nasl.php?oid=867540", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2014-2506\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867540);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:24:40 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-4560\", \"CVE-2013-4559\", \"CVE-2013-4508\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for lighttpd FEDORA-2014-2506\");\n\n tag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\nfor high-performance environments. It has a very low memory footprint compared\nto other webservers and takes care of cpu-load. Its advanced feature-set\n(FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\nit the perfect webserver-software for every server that is suffering load\nproblems.\n\";\n\n tag_affected = \"lighttpd on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-2506\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128961.html\");\n script_summary(\"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.34~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:48:38", "description": "Check for the Version of lighttpd", "cvss3": {}, "published": "2014-02-25T00:00:00", "type": "openvas", "title": "Fedora Update for lighttpd FEDORA-2014-2495", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4560", "CVE-2013-4559"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867539", "href": "http://plugins.openvas.org/nasl.php?oid=867539", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for lighttpd FEDORA-2014-2495\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867539);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:21:23 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-4560\", \"CVE-2013-4559\", \"CVE-2013-4508\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for lighttpd FEDORA-2014-2495\");\n\n tag_insight = \"Secure, fast, compliant and very flexible web-server which has been optimized\nfor high-performance environments. It has a very low memory footprint compared\nto other webservers and takes care of cpu-load. Its advanced feature-set\n(FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make\nit the perfect webserver-software for every server that is suffering load\nproblems.\n\";\n\n tag_affected = \"lighttpd on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-2495\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128980.html\");\n script_summary(\"Check for the Version of lighttpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"lighttpd\", rpm:\"lighttpd~1.4.34~3.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:51:38", "description": "Several vulnerabilities have been discovered in the lighttpd web server.\n\nIt was discovered that SSL connections with client certificates\nstopped working after the DSA-2795-1 update of lighttpd. An upstream\npatch has now been applied that provides an appropriate identifier for\nclient certificate verification.\n\nCVE-2013-4508 \nIt was discovered that lighttpd uses weak ssl ciphers when SNI (Server\nName Indication) is enabled. This issue was solved by ensuring that\nstronger ssl ciphers are used when SNI is selected.\n\nCVE-2013-4559 \nThe clang static analyzer was used to discover privilege escalation\nissues due to missing checks around lighttpd's setuid, setgid, and\nsetgroups calls. Those are now appropriately checked.\n\nCVE-2013-4560 \nThe clang static analyzer was used to discover a use-after-free issue\nwhen the FAM stat cache engine is enabled, which is now fixed.", "cvss3": {}, "published": "2013-11-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2795-2 (lighttpd - several vulnerabilities)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2013-4560", "CVE-2013-4559"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:892795", "href": "http://plugins.openvas.org/nasl.php?oid=892795", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2795.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2795-2 using nvtgen 1.0\n# Script version: 2.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"lighttpd on Debian Linux\";\ntag_insight = \"lighttpd is a small webserver and fast webserver developed with\nsecurity in mind and a lot of features.\nIt has support for\n\n* CGI, FastCGI and SSI\n* virtual hosts\n* URL rewriting\n* authentication (plain files, htpasswd, ldap)\n* transparent content compression\n* conditional configuration\n\nand configuration is straight-forward and easy.\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.5.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u2.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion lighttpd_1.4.33-1+nmu1.\n\nFor the testing (jessie) and unstable (sid) distributions, the regression\nproblem will be fixed soon.\n\nWe recommend that you upgrade your lighttpd packages.\";\ntag_summary = \"Several vulnerabilities have been discovered in the lighttpd web server.\n\nIt was discovered that SSL connections with client certificates\nstopped working after the DSA-2795-1 update of lighttpd. An upstream\npatch has now been applied that provides an appropriate identifier for\nclient certificate verification.\n\nCVE-2013-4508 \nIt was discovered that lighttpd uses weak ssl ciphers when SNI (Server\nName Indication) is enabled. This issue was solved by ensuring that\nstronger ssl ciphers are used when SNI is selected.\n\nCVE-2013-4559 \nThe clang static analyzer was used to discover privilege escalation\nissues due to missing checks around lighttpd's setuid, setgid, and\nsetgroups calls. Those are now appropriately checked.\n\nCVE-2013-4560 \nThe clang static analyzer was used to discover a use-after-free issue\nwhen the FAM stat cache engine is enabled, which is now fixed.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892795);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-4508\", \"CVE-2013-4560\", \"CVE-2013-4559\");\n script_name(\"Debian Security Advisory DSA 2795-2 (lighttpd - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-11-17 00:00:00 +0100 (Sun, 17 Nov 2013)\");\n script_tag(name: \"cvss_base\", value:\"7.6\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2795.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.28-2+squeeze1.5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-doc\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-cml\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-magnet\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-mysql-vhost\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-trigger-b4-dl\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lighttpd-mod-webdav\", ver:\"1.4.31-4+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:21", "description": "Gentoo Linux Local Security Checks GLSA 201406-10", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201406-10", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4508", "CVE-2014-2323", "CVE-2012-5533", "CVE-2013-4560", "CVE-2013-4559", "CVE-2011-4362"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121213", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121213", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201406-10.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121213\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:20 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201406-10\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201406-10\");\n script_cve_id(\"CVE-2011-4362\", \"CVE-2012-5533\", \"CVE-2013-4508\", \"CVE-2013-4559\", \"CVE-2013-4560\", \"CVE-2014-2323\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201406-10\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-servers/lighttpd\", unaffected: make_list(\"ge 1.4.35\"), vulnerable: make_list(\"lt 1.4.35\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated lighttpd packages fix security vulnerabilities: lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network (CVE-2013-4508). In lighttpd before 1.4.34, if setuid() fails for any reason, for instance if an environment limits the number of processes a user can have and the target uid already is at the limit, lighttpd will run as root. A user who can run CGI scripts could clone() often; in this case a lighttpd restart would end up with lighttpd running as root, and the CGI scripts would run as root too (CVE-2013-4559). In lighttpd before 1.4.34, if \"fam\" is enabled and there are directories reachable from configured doc roots and aliases on which FAMMonitorDirectory fails, a remote client could trigger a DoS (CVE-2013-4560). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2013-11-20T20:36:53", "type": "mageia", "title": "Updated lighttpd packages fix multiple security vulnerbilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2013-11-20T20:36:53", "id": "MGASA-2013-0334", "href": "https://advisories.mageia.org/MGASA-2013-0334.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make it the perfect webserver-software for every server that is suffering load problems. ", "edition": 2, "cvss3": {}, "published": "2014-02-22T18:18:47", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: lighttpd-1.4.34-3.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2014-02-22T18:18:47", "id": "FEDORA:395052421A", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make it the perfect webserver-software for every server that is suffering load problems. ", "edition": 2, "cvss3": {}, "published": "2014-02-22T18:22:17", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: lighttpd-1.4.34-3.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2014-02-22T18:22:17", "id": "FEDORA:37B41225F0", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-12-01T12:11:14", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2795-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nNovember 13, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4508 CVE-2013-4559 CVE-2013-4560\nDebian Bug : 729453\n\nSeveral vulnerabilities have been discovered in the lighttpd web server.\n\nCVE-2013-4508\n\n It was discovered that lighttpd uses weak ssl ciphers when SNI (Server\n Name Indication) is enabled. This issue was solved by ensuring that\n stronger ssl ciphers are used when SNI is selected.\n\nCVE-2013-4559\n\n The clang static analyzer was used to discover privilege escalation\n issues due to missing checks around lighttpd's setuid, setgid, and\n setgroups calls. Those are now appropriately checked.\n\nCVE-2013-4560\n\n The clang static analyzer was used to discover a use-after-free issue\n when the FAM stat cache engine is enabled, which is now fixed.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.4.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion lighttpd_1.4.33-1+nmu1.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2013-11-13T06:11:36", "type": "debian", "title": "[SECURITY] [DSA 2795-1] lighttpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2013-11-13T06:11:36", "id": "DEBIAN:DSA-2795-1:2DAAE", "href": "https://lists.debian.org/debian-security-announce/2013/msg00207.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T23:26:05", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2795-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nNovember 13, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4508 CVE-2013-4559 CVE-2013-4560\nDebian Bug : 729453\n\nSeveral vulnerabilities have been discovered in the lighttpd web server.\n\nCVE-2013-4508\n\n It was discovered that lighttpd uses weak ssl ciphers when SNI (Server\n Name Indication) is enabled. This issue was solved by ensuring that\n stronger ssl ciphers are used when SNI is selected.\n\nCVE-2013-4559\n\n The clang static analyzer was used to discover privilege escalation\n issues due to missing checks around lighttpd's setuid, setgid, and\n setgroups calls. Those are now appropriately checked.\n\nCVE-2013-4560\n\n The clang static analyzer was used to discover a use-after-free issue\n when the FAM stat cache engine is enabled, which is now fixed.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.4.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u1.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion lighttpd_1.4.33-1+nmu1.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2013-11-13T06:11:36", "type": "debian", "title": "[SECURITY] [DSA 2795-1] lighttpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2013-11-13T06:11:36", "id": "DEBIAN:DSA-2795-1:88896", "href": "https://lists.debian.org/debian-security-announce/2013/msg00207.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nlighttpd security advisories report:\n\nIt is possible to inadvertantly enable vulnerable ciphers when using\n\t ssl.cipher-list.\n\n\nIn certain cases setuid() and similar can fail, potentially triggering\n\t lighttpd to restart running as root.\n\n\nIf FAMMonitorDirectory fails, the memory intended to store the context is\n\t released; some lines below the \"version\" compoment of that context is read.\n\t Reading invalid data doesn't matter, but the memory access could trigger a\n\t segfault.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2013-11-28T00:00:00", "type": "freebsd", "title": "lighttpd -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2013-11-28T00:00:00", "id": "90B27045-9530-11E3-9D09-000C2980A9F3", "href": "https://vuxml.freebsd.org/freebsd/90b27045-9530-11e3-9d09-000c2980a9f3.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2021-07-29T02:14:16", "description": "**Issue Overview:**\n\nUse-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. \n\nlighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. \n\nlighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. \n\n \n**Affected Packages:** \n\n\nlighttpd\n\n \n**Issue Correction:** \nRun _yum update lighttpd_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 lighttpd-mod_geoip-1.4.34-4.12.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-fastcgi-1.4.34-4.12.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-debuginfo-1.4.34-4.12.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-1.4.34-4.12.amzn1.i686 \n \u00a0\u00a0\u00a0 lighttpd-mod_mysql_vhost-1.4.34-4.12.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 lighttpd-1.4.34-4.12.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 lighttpd-fastcgi-1.4.34-4.12.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-mod_geoip-1.4.34-4.12.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-mod_mysql_vhost-1.4.34-4.12.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-debuginfo-1.4.34-4.12.amzn1.x86_64 \n \u00a0\u00a0\u00a0 lighttpd-1.4.34-4.12.amzn1.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2014-03-06T14:57:00", "type": "amazon", "title": "Medium: lighttpd", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560"], "modified": "2014-09-16T22:37:00", "id": "ALAS-2014-299", "href": "https://alas.aws.amazon.com/ALAS-2014-299.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:08:40", "description": "### Background\n\nlighttpd is a lightweight high-performance web server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could create a Denial of Service condition. Futhermore, a remote attacker may be able to execute arbitrary SQL statements. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll lighttpd users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/lighttpd-1.4.35\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2014-06-13T00:00:00", "type": "gentoo", "title": "lighttpd: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4362", "CVE-2012-5533", "CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560", "CVE-2014-2323"], "modified": "2014-06-13T00:00:00", "id": "GLSA-201406-10", "href": "https://security.gentoo.org/glsa/201406-10", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "jvn": [{"lastseen": "2021-12-28T23:20:12", "description": "SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.\n\n**Exposure of information through directory listing ([CWE-548](<https://cwe.mitre.org/data/definitions/548.html>))** \\- CVE-2021-20656 \n\nVersion| Vector| Score \n---|---|--- \nCVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| **Base Score: 3.5** \nCVSS v2| AV:A/AC:L/Au:S/C:P/I:N/A:N| **Base Score: 2.7** \n \n**Improper access control ([CWE-284](<https://cwe.mitre.org/data/definitions/284.html>))** \\- CVE-2021-20657 \n\nVersion| Vector| Score \n---|---|--- \nCVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N| **Base Score: 4.6** \nCVSS v2| AV:A/AC:L/Au:S/C:P/I:P/A:N| **Base Score: 4.1** \n \n**OS command injection ([CWE-78](<https://cwe.mitre.org/data/definitions/78.html>))** \\- CVE-2021-20658 \n\nVersion| Vector| Score \n---|---|--- \nCVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| **Base Score: 6.3** \nCVSS v2| AV:A/AC:L/Au:N/C:P/I:P/A:P| **Base Score: 5.8** \n \n**Unrestricted upload of file with dangerous type ([CWE-434](<https://cwe.mitre.org/data/definitions/434.html>))** \\- CVE-2021-20659 \n\nVersion| Vector| Score \n---|---|--- \nCVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L| **Base Score: 5.5** \nCVSS v2| AV:A/AC:L/Au:S/C:P/I:P/A:P| **Base Score: 5.2** \n \n**Cross-site scripting ([CWE-79](<https://cwe.mitre.org/data/definitions/79.html>))** \\- CVE-2021-20660 \n\nVersion| Vector| Score \n---|---|--- \nCVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| **Base Score: 6.1** \nCVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| **Base Score: 4.3** \n \n**Directory traversal ([CWE-23](<https://cwe.mitre.org/data/definitions/23.html>))** \\- CVE-2021-20661 \n\nVersion| Vector| Score \n---|---|--- \nCVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H| **Base Score: 6.3** \nCVSS v2| AV:A/AC:L/Au:S/C:N/I:P/A:P| **Base Score: 4.1** \n \n**Missing authentication for critical function ([CWE-306](<https://cwe.mitre.org/data/definitions/306.html>))** \\- CVE-2021-20662 \n\nVersion| Vector| Score \n---|---|--- \nCVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N| **Base Score: 4.3** \nCVSS v2| AV:A/AC:L/Au:N/C:N/I:P/A:N| **Base Score: 3.3** \n \n**Using components with known vulnerabilities ([CWE-1035](<https://cwe.mitre.org/data/definitions/1035.html>))** \\- CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324 \nThe product uses previous versions of vsfpd and lighttpd with known vulnerabilities. \n\n ## Impact\n\n * An attacker who can log in to the product may obtain the information inside the system, e.g. directories and/or file configurations - CVE-2021-20656\n * An attacker who can log in to the product may obtain and/or alter the setting information without the access privileges. Also, an attacker with the administrative privilege may log in to the product and perform an unintended operation - CVE-2021-20657\n * An attacker may execute an arbitrary OS command with the web server privilege. Also, an attacker with the administrative privilege may log in to the product and perform an unintended operation - CVE-2021-20658\n * An attacker who can log in to the product may upload arbitrary files. If the file is PHP script, the attacker may execute arbitrary code - CVE-2021-20659\n * An arbitrary script may be executed on a logged-in user's web browser - CVE-2021-20660\n * An attacker who can log in to the product may delete arbitrary files and/or directories on the server - CVE-2021-20661\n * An attacker who can log in to the product may alter the setting information without the access privileges - CVE-2021-20662\n * An attack may be conducted by exploiting known vulnerabilities - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324\n\n ## Solution\n\n**Update the Firmware** \nUpdate the firmware to the latest version according to the information provided by the developer. \nThese vulnerabilities have been already addressed in the following firmware version. \n\n * SolarView Compact \n * SV-CPT-MC310 Ver.6.50 \n\n ## Products Affected\n\n * SolarView Compact \n * SV-CPT-MC310 prior to Ver.6.5\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-19T00:00:00", "type": "jvn", "title": "JVN#37417423: Multiple vulnerabilities in SolarView Compact", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0762", "CVE-2011-4362", "CVE-2013-4508", "CVE-2013-4559", "CVE-2013-4560", "CVE-2014-2323", "CVE-2014-2324", "CVE-2021-20656", "CVE-2021-20657", "CVE-2021-20658", "CVE-2021-20659", "CVE-2021-20660", "CVE-2021-20661", "CVE-2021-20662"], "modified": "2021-02-25T00:00:00", "id": "JVN:37417423", "href": "http://jvn.jp/en/jp/JVN37417423/index.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
