NotCVE - vendor:"Lighttpd" product:"Lighttpd" version:"1.4.13"

Page 5 of 25 results (0.005 seconds)

CVSS: 6.4EPSS: 14%CPEs: 1EXPL: 0

CVE-2007-3946

https://notcve.org/view.php?id=CVE-2007-3946

mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header. mod_auth (http_auth.c) en lighttpd anterior a 1.4.16 permite a atacantes remotos provocar denegación de servicio (caida de demonio) a través de vectores no especificados afectando a (1)una debilidad de memoria, (2)utilización de md5-sess sin un cnonce, (3) cadenas códificadas en base64, y (4) restos de espacios en blanco en la cabecera Auth-Digest. • http://osvdb.org/38314 http://osvdb.org/38315 http://osvdb.org/38316 http://osvdb.org/38317 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/browser/branches/lighttpd-1.4.x/NEWS?rev=1875 http://trac.lighttpd.net/trac/changeset/1875 http://www.debian.org/security/2007/dsa-1362 http&# •

CVSS: 4.3EPSS: 14%CPEs: 1EXPL: 0

CVE-2007-3948

https://notcve.org/view.php?id=CVE-2007-3948

connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts. connections.c en lighttpd anterior 1.4.16 podría aceptar mas conexiones que el máximo configurado, lo cual permite a atacantes remotos provocar denegación de servicio (fallo de afirmación) a través de un gran número de intentos de conexión. • http://osvdb.org/38312 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/31104 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/changeset/1873 http://trac.lighttpd.net/trac/ticket/1216 http://www.debian.org/security/2008/dsa-1609 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/archive/1/474131/100/0 •

CVSS: 8.3EPSS: 14%CPEs: 1EXPL: 0

CVE-2007-3949

https://notcve.org/view.php?id=CVE-2007-3949

mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings. mod_access.c en lighttpd 1.4.15 ignora los caracteres / barra invertida (slash) en la URL, lo cual permite a atacantes remotos evitar configuraciones de url.access-deny. • http://osvdb.org/38311 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/changeset/1871 http://trac.lighttpd.net/trac/ticket/1230 http://www.debian.org/security/2007/dsa-1362 http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it http://www.novell.com/linux/security/advisories/2007& •

CVSS: 5.0EPSS: 22%CPEs: 2EXPL: 0

CVE-2007-1869

https://notcve.org/view.php?id=CVE-2007-1869

lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. lighttpd 1.4.12 y 1.4.13 permite a atacantes remotos provocar una denegación de servicio (consumo de recursos y cpu) desconectando cuando lighttpd está analizando secuencias CRLF, lo cual provoca un bucle infinito y el consumo de descriptor de fichero. • http://secunia.com/advisories/24886 http://secunia.com/advisories/24947 http://secunia.com/advisories/24995 http://secunia.com/advisories/25166 http://secunia.com/advisories/25613 http://security.gentoo.org/glsa/glsa-200705-07.xml http://www.debian.org/security/2007/dsa-1303 http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.securityfocus.com/archive/1/466464/30/6900/threaded •

CVSS: 7.8EPSS: 6%CPEs: 30EXPL: 0

CVE-2007-1870

https://notcve.org/view.php?id=CVE-2007-1870

lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. lighttpd anterior a 1.4.14 permite a atacantes provocar una denegación de servicio (caída) mediante una petición a un fichero cuyo mtime es 0, lo cual resulta en una referencia a puntero nulo. • http://secunia.com/advisories/24886 http://secunia.com/advisories/24947 http://secunia.com/advisories/24995 http://secunia.com/advisories/25166 http://secunia.com/advisories/25613 http://security.gentoo.org/glsa/glsa-200705-07.xml http://www.debian.org/security/2007/dsa-1303 http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.securityfocus.com/archive/1/466464/30/6900/threaded •

1...3 4 5