CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 2CVE-2008-1270 – Lighttpd 1.4.x - mod_userdir Information Disclosure
https://notcve.org/view.php?id=CVE-2008-1270
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. mod_userdir en lighttpd 1.4.18 y anteriores, cuando no está establecido el userdir.path usa un $HOME por defecto, que podría permitir a atacantes remotos leer ficheros de su elección como se ha demostrado accediendo al directorio ~nobody. • https://www.exploit-db.com/exploits/31396 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://secunia.com/advisories/29318 http://secunia.com/advisories/29403 http://secunia.com/advisories/29622 http://secunia.com/advisories/29636 http://security.gentoo.org/glsa/glsa-200804-08.xml http://trac.lighttpd.net/trac/ticket/1587 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0106 http://www.debian.org/security/2008/dsa-1521 http://www.lighttpd. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 10%CPEs: 12EXPL: 0CVE-2008-0983
https://notcve.org/view.php?id=CVE-2008-0983
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access. lighttpd 1.4.18 y posiblemente otras versiones anteriores a la 1.5.0, no calcula correctamente el tamaño del array descriptor de archivos, lo que permite a atacantes remotos provocar una denegación de servicio (caída) a través de un gran número de conexiones, lo cual dispara un acceso fuera de límite. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://secunia.com/advisories/29066 http://secunia.com/advisories/29166 http://secunia.com/advisories/29209 http://secunia.com/advisories/29268 http://secunia.com/advisories/29622 http://secunia.com/advisories/31104 http://security.gentoo.org/glsa/glsa-200803-10.xml http://trac.lighttpd.net/trac/ticket/1562 http://wiki.rpath.com/Advisories:rPSA-2008-0084 http://www.debian.org/security/2008/dsa-1609&# • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 29%CPEs: 1EXPL: 0CVE-2007-4727
https://notcve.org/view.php?id=CVE-2007-4727
Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow." Desbordamiento de búfer en la función fcgi_env_add de mod_proxy_backend_fastcgi.c en la extensión mod_fastcgi en lighttpd anterior a 1.4.18 permite a atacantes remotos sobrescribir variables CGI de su elección y ejecutar código de su elección mediante una petición HTTP con una longitud de contenido larga, como se ha demostrado sobrescribiendo la variable SCRIPT_FILENAME, también conocido como "desbordamiento de cabecera". • http://fedoranews.org/updates/FEDORA-2007-213.shtml http://secunia.com/advisories/26732 http://secunia.com/advisories/26794 http://secunia.com/advisories/26824 http://secunia.com/advisories/26997 http://secunia.com/advisories/27229 http://securityreason.com/securityalert/3127 http://secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability http://trac.lighttpd.net/trac/changeset/1986 http://www.gentoo.org/security/en/glsa/glsa-200709-16.xml http://www.lighttpd.net/assets/2007 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 14%CPEs: 1EXPL: 0CVE-2007-3946
https://notcve.org/view.php?id=CVE-2007-3946
mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header. mod_auth (http_auth.c) en lighttpd anterior a 1.4.16 permite a atacantes remotos provocar denegación de servicio (caida de demonio) a través de vectores no especificados afectando a (1)una debilidad de memoria, (2)utilización de md5-sess sin un cnonce, (3) cadenas códificadas en base64, y (4) restos de espacios en blanco en la cabecera Auth-Digest. • http://osvdb.org/38314 http://osvdb.org/38315 http://osvdb.org/38316 http://osvdb.org/38317 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/browser/branches/lighttpd-1.4.x/NEWS?rev=1875 http://trac.lighttpd.net/trac/changeset/1875 http://www.debian.org/security/2007/dsa-1362 http&# •
CVSS: 4.3EPSS: 6%CPEs: 1EXPL: 0CVE-2007-3950
https://notcve.org/view.php?id=CVE-2007-3950
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules. lighttpd 1.4.15, cuando funciona bajo plataformas de 32 bits, permite a atacantes remotos provocar denegación de servicio (caida de demonio) a través de vectores no especificados afectando al uso de especificaciones de formatos incompatibles en ciertos mensajes de depuración en los módulos (1) mod_scgi, (2) mod_fastcgi, y (3) mod_webdav. • http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593 http://security.gentoo.org/glsa/glsa-200708-11.xml http://securityreason.com/securityalert/2909 http://trac.lighttpd.net/trac/changeset/1882 http://trac.lighttpd.net/trac/ticket/1263 http://www.debian.org/security/2007/dsa-1362 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/archive/1& •