CVE-2008-1270 – Lighttpd 1.4.x - mod_userdir Information Disclosure
https://notcve.org/view.php?id=CVE-2008-1270
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. mod_userdir en lighttpd 1.4.18 y anteriores, cuando no está establecido el userdir.path usa un $HOME por defecto, que podría permitir a atacantes remotos leer ficheros de su elección como se ha demostrado accediendo al directorio ~nobody. • https://www.exploit-db.com/exploits/31396 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://secunia.com/advisories/29318 http://secunia.com/advisories/29403 http://secunia.com/advisories/29622 http://secunia.com/advisories/29636 http://security.gentoo.org/glsa/glsa-200804-08.xml http://trac.lighttpd.net/trac/ticket/1587 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106 http://www.debian.org/security/2008/dsa-1521 http://www.lighttpd. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-1111
https://notcve.org/view.php?id=CVE-2008-1111
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information. El mod_cgi en lighttpd versión 1.4.18, envía el código fuente de los scripts CGI en lugar de un error 500 cuando ocurre un fallo de bifurcación, lo que podría permitir a los atacantes remotos obtener información confidencial. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://secunia.com/advisories/29209 http://secunia.com/advisories/29235 http://secunia.com/advisories/29268 http://secunia.com/advisories/29275 http://secunia.com/advisories/29318 http://secunia.com/advisories/29622 http://security.gentoo.org/glsa/glsa-200803-10.xml http://trac.lighttpd.net/trac/changeset/2107 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106 http://www.debian.org/security/2008/d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-0983
https://notcve.org/view.php?id=CVE-2008-0983
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access. lighttpd 1.4.18 y posiblemente otras versiones anteriores a la 1.5.0, no calcula correctamente el tamaño del array descriptor de archivos, lo que permite a atacantes remotos provocar una denegación de servicio (caída) a través de un gran número de conexiones, lo cual dispara un acceso fuera de límite. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://secunia.com/advisories/29066 http://secunia.com/advisories/29166 http://secunia.com/advisories/29209 http://secunia.com/advisories/29268 http://secunia.com/advisories/29622 http://secunia.com/advisories/31104 http://security.gentoo.org/glsa/glsa-200803-10.xml http://trac.lighttpd.net/trac/ticket/1562 http://wiki.rpath.com/Advisories:rPSA-2008-0084 http://www.debian.org/security/2008/dsa-1609 • CWE-399: Resource Management Errors •
CVE-2007-4727
https://notcve.org/view.php?id=CVE-2007-4727
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow." Desbordamiento de búfer en la función fcgi_env_add de mod_proxy_backend_fastcgi.c en la extensión mod_fastcgi en lighttpd anterior a 1.4.18 permite a atacantes remotos sobrescribir variables CGI de su elección y ejecutar código de su elección mediante una petición HTTP con una longitud de contenido larga, como se ha demostrado sobrescribiendo la variable SCRIPT_FILENAME, también conocido como "desbordamiento de cabecera". • http://fedoranews.org/updates/FEDORA-2007-213.shtml http://secunia.com/advisories/26732 http://secunia.com/advisories/26794 http://secunia.com/advisories/26824 http://secunia.com/advisories/26997 http://secunia.com/advisories/27229 http://securityreason.com/securityalert/3127 http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability http://trac.lighttpd.net/trac/changeset/1986 http://www.gentoo.org/security/en/glsa/glsa-200709-16.xml http://www.lighttpd.net/assets/2007 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-3949
https://notcve.org/view.php?id=CVE-2007-3949
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings. mod_access.c en lighttpd 1.4.15 ignora los caracteres / barra invertida (slash) en la URL, lo cual permite a atacantes remotos evitar configuraciones de url.access-deny. • http://osvdb.org/38311 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/changeset/1871 http://trac.lighttpd.net/trac/ticket/1230 http://www.debian.org/security/2007/dsa-1362 http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it http://www.novell.com/linux/security/advisories/2007& •