CVSS: 8.3EPSS: 14%CPEs: 1EXPL: 0CVE-2007-3949
https://notcve.org/view.php?id=CVE-2007-3949
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings. mod_access.c en lighttpd 1.4.15 ignora los caracteres / barra invertida (slash) en la URL, lo cual permite a atacantes remotos evitar configuraciones de url.access-deny. • http://osvdb.org/38311 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/changeset/1871 http://trac.lighttpd.net/trac/ticket/1230 http://www.debian.org/security/2007/dsa-1362 http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it http://www.novell.com/linux/security/advisories/2007& •
CVSS: 7.8EPSS: 6%CPEs: 30EXPL: 0CVE-2007-1870
https://notcve.org/view.php?id=CVE-2007-1870
lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. lighttpd anterior a 1.4.14 permite a atacantes provocar una denegación de servicio (caída) mediante una petición a un fichero cuyo mtime es 0, lo cual resulta en una referencia a puntero nulo. • http://secunia.com/advisories/24886 http://secunia.com/advisories/24947 http://secunia.com/advisories/24995 http://secunia.com/advisories/25166 http://secunia.com/advisories/25613 http://security.gentoo.org/glsa/glsa-200705-07.xml http://www.debian.org/security/2007/dsa-1303 http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.securityfocus.com/archive/1/466464/30/6900/threaded •
CVSS: 5.0EPSS: 1%CPEs: 49EXPL: 0CVE-2006-0814
https://notcve.org/view.php?id=CVE-2006-0814
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files. response.c en Lighttpd 1.4.10 y posiblemente versiones anteriores, cuando se ejecuta sobre Windows, permite a atacantes leer código fuente de su elección mediante peticiones conteniendo caractéres (1) "." (punto) y (2) espacio al final, que son ignoradas por Windows, como se ha demostrado en ficheros PHP. • http://secunia.com/advisories/18886 http://secunia.com/secunia_research/2006-9/advisory http://securityreason.com/securityalert/523 http://securitytracker.com/id?1015703 http://trac.lighttpd.net/trac/changeset/1005 http://www.osvdb.org/23542 http://www.securityfocus.com/archive/1/426446/100/0/threaded http://www.securityfocus.com/bid/16893 http://www.vupen.com/english/advisories/2006/0782 https://exchange.xforce.ibmcloud.com/vulnerabilities/24976 •
CVSS: 2.6EPSS: 0%CPEs: 47EXPL: 0CVE-2006-0760
https://notcve.org/view.php?id=CVE-2006-0760
LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names. • http://lighttpd.net/news http://secunia.com/advisories/18869 http://www.lighttpd.net/news http://www.osvdb.org/23229 http://www.vupen.com/english/advisories/2006/0550 https://exchange.xforce.ibmcloud.com/vulnerabilities/24699 •