Page 5 of 23 results (0.003 seconds)

CVSS: 5.8EPSS: 15%CPEs: 1EXPL: 1

CVE-2007-3947 – Lighttpd 1.4.15 - Multiple Code Execution / Denial of Service / Information Disclosure Vulnerabilities

https://notcve.org/view.php?id=CVE-2007-3947

request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault. request.c en lighttpd 1.4.15 permite a atacantes remotos provocar denegación de servicio (caida de demonio) a través del envío de una respuesta HTTP con cabeceras duplicadas, como se demostró con una respuesta que contiene dos lineas de cabecera Location, el cual deriva en un fallo de segmentación. • https://www.exploit-db.com/exploits/30322 http://osvdb.org/38313 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/changeset/1869 http://trac.lighttpd.net/trac/ticket/1232 http://www.debian.org/security/2007/dsa-1362 http://www.novell.com/linux/security/advisories/2007_15_sr.html http:/& •

CVSS: 5.0EPSS: 1%CPEs: 49EXPL: 0

CVE-2006-0814

https://notcve.org/view.php?id=CVE-2006-0814

response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files. response.c en Lighttpd 1.4.10 y posiblemente versiones anteriores, cuando se ejecuta sobre Windows, permite a atacantes leer código fuente de su elección mediante peticiones conteniendo caractéres (1) "." (punto) y (2) espacio al final, que son ignoradas por Windows, como se ha demostrado en ficheros PHP. • http://secunia.com/advisories/18886 http://secunia.com/secunia_research/2006-9/advisory http://securityreason.com/securityalert/523 http://securitytracker.com/id?1015703 http://trac.lighttpd.net/trac/changeset/1005 http://www.osvdb.org/23542 http://www.securityfocus.com/archive/1/426446/100/0/threaded http://www.securityfocus.com/bid/16893 http://www.vupen.com/english/advisories/2006/0782 https://exchange.xforce.ibmcloud.com/vulnerabilities/24976 •

CVSS: 2.6EPSS: 0%CPEs: 47EXPL: 0

CVE-2006-0760

https://notcve.org/view.php?id=CVE-2006-0760

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names. • http://lighttpd.net/news http://secunia.com/advisories/18869 http://www.lighttpd.net/news http://www.osvdb.org/23229 http://www.vupen.com/english/advisories/2006/0550 https://exchange.xforce.ibmcloud.com/vulnerabilities/24699 •