Page 5 of 23 results (0.013 seconds)

CVSS: 5.8EPSS: 15%CPEs: 1EXPL: 1

request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault. request.c en lighttpd 1.4.15 permite a atacantes remotos provocar denegación de servicio (caida de demonio) a través del envío de una respuesta HTTP con cabeceras duplicadas, como se demostró con una respuesta que contiene dos lineas de cabecera Location, el cual deriva en un fallo de segmentación. • https://www.exploit-db.com/exploits/30322 http://osvdb.org/38313 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/changeset/1869 http://trac.lighttpd.net/trac/ticket/1232 http://www.debian.org/security/2007/dsa-1362 http://www.novell.com/linux/security/advisories/2007_15_sr.html http:/& •

CVSS: 5.0EPSS: 1%CPEs: 49EXPL: 0

response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files. response.c en Lighttpd 1.4.10 y posiblemente versiones anteriores, cuando se ejecuta sobre Windows, permite a atacantes leer código fuente de su elección mediante peticiones conteniendo caractéres (1) "." (punto) y (2) espacio al final, que son ignoradas por Windows, como se ha demostrado en ficheros PHP. • http://secunia.com/advisories/18886 http://secunia.com/secunia_research/2006-9/advisory http://securityreason.com/securityalert/523 http://securitytracker.com/id?1015703 http://trac.lighttpd.net/trac/changeset/1005 http://www.osvdb.org/23542 http://www.securityfocus.com/archive/1/426446/100/0/threaded http://www.securityfocus.com/bid/16893 http://www.vupen.com/english/advisories/2006/0782 https://exchange.xforce.ibmcloud.com/vulnerabilities/24976 •

CVSS: 2.6EPSS: 0%CPEs: 47EXPL: 0

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names. • http://lighttpd.net/news http://secunia.com/advisories/18869 http://www.lighttpd.net/news http://www.osvdb.org/23229 http://www.vupen.com/english/advisories/2006/0550 https://exchange.xforce.ibmcloud.com/vulnerabilities/24699 •