DSA-2877-1 lighttpd -- lighttpd
ID: oval:org.secpod.oval:def:601232 | Date: (C)2014-04-04 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in the lighttpd web server.

CVE-2014-2323: Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module. This only affects installations with the lighttpd-mod-mysql-vhost binary package installed and in use.

CVE-2014-2324: Jann Horn discovered that specially crafted host names can be used to traverse outside of the document root under certain situations in lighttpd servers using either the mod_mysql_vhost, mod_evhost, or mod_simple_vhost virtual hosting modules. Servers not using these modules are not affected.
Platform: |
Debian 7.0 |
Debian 6.0 |