Download
| Alert*
oval:org.secpod.oval:def:106571
lighttpd is installed oval:org.secpod.oval:def:106436 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:106434 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:106570 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:106572 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:109424 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:109400 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:1600451 It was discovered that lighttpd class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. oval:org.secpod.oval:def:602582 Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTP_PROXY environment variables, allowing remote attackers to carry out Man in the Middle attacks or initiate connections to arb ... oval:org.secpod.oval:def:600995 Stefan Bühler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the P ... oval:org.secpod.oval:def:110027 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:601306 lighttpd is installed oval:org.secpod.oval:def:601146 Several vulnerabilities have been discovered in the lighttpd web server. CVE-2013-4508 It was discovered that lighttpd uses weak ssl ciphers when SNI is enabled. This issue was solved by ensuring that stronger ssl ciphers are used when SNI is selected. CVE-2013-4559 The clang static analyzer was us ... oval:org.secpod.oval:def:110007 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:111196 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:1600127 Multiple directory traversal vulnerabilities in mod_evhost and mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. in the host name, related to request_check_hostname.SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows r ... oval:org.secpod.oval:def:105975 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:1600218 The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header. oval:org.secpod.oval:def:1600079 Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service via unspecified vectors that trigger FAMMonitorDirectory failures. lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hija ... oval:org.secpod.oval:def:111181 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:601232 Several vulnerabilities were discovered in the lighttpd web server. CVE-2014-2323 Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module . This only affects installations with the lighttpd-mod-my ... oval:org.secpod.oval:def:601150 It was discovered discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate verification. oval:org.secpod.oval:def:1601279 Integer signedness error in the base64_decode function in the HTTP authentication functionality in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service via crafted base64 input that triggers an out-of-bounds read with a negative index. oval:org.secpod.oval:def:78145 An out-of-bounds memory access was discovered in the mod_extforward plugin of the lighttpd web server, which may result in denial of service. oval:org.secpod.oval:def:89479 lighttpd: fast webserver with minimal memory footprint Several security issues were fixed in lighttpd. oval:org.secpod.oval:def:114992 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:114993 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:3300878 SUSE Security Update: Security update for lighttpd oval:org.secpod.oval:def:3301185 SUSE Security Update: Security update for lighttpd oval:org.secpod.oval:def:115266 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:115269 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:115333 Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set make it the perfect webserver-software for every server that is suffe ... oval:org.secpod.oval:def:602383 lighttpd, a small webserver, is vulnerable to the POODLE attack via the use of SSLv3. This protocol is now disabled by default. oval:org.secpod.oval:def:600967 Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd. CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an existing c ... oval:org.secpod.oval:def:2000101 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target file ... oval:org.secpod.oval:def:1901505 An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing "/" character, but the alias target file ... oval:org.secpod.oval:def:600694 Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint. CVE-2011-4362 Xi Wang discovered that the base64 decoding routine which is used to decode user input during an HTTP authentication, suffers of a signedness issue when processing user i ... oval:org.secpod.oval:def:1901921 lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. |