
CVSS: 6.4, EPSS: 14%, CPEs: 1, EXPL: 0

mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.
• http://osvdb.org/38314 http://osvdb.org/38315 http://osvdb.org/38316 http://osvdb.org/38317 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/browser/branches/lighttpd-1.4.x/NEWS?rev=1875 http://trac.lighttpd.net/trac/changeset/1875 http://www.debian.org/security/2007/dsa-1362

CVSS: 4.3, EPSS: 14%, CPEs: 1, EXPL: 0

connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.
• http://osvdb.org/38312 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/31104 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/changeset/1873 http://trac.lighttpd.net/trac/ticket/1216 http://www.debian.org/security/2008/dsa-1609 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/archive/1/474131/100/0

CVSS: 8.3, EPSS: 14%, CPEs: 1, EXPL: 0

mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.
• http://osvdb.org/38311 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/changeset/1871 http://trac.lighttpd.net/trac/ticket/1230 http://www.debian.org/security/2007/dsa-1362 http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it http://www.novell.com/linux/security/advisories/2007&

CVSS: 7.8, EPSS: 6%, CPEs: 30, EXPL: 0

lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.
• http://secunia.com/advisories/24886 http://secunia.com/advisories/24947 http://secunia.com/advisories/24995 http://secunia.com/advisories/25166 http://secunia.com/advisories/25613 http://security.gentoo.org/glsa/glsa-200705-07.xml http://www.debian.org/security/2007/dsa-1303 http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.securityfocus.com/archive/1/466464/30/6900/threaded

CVSS: 5.0, EPSS: 1%, CPEs: 49, EXPL: 0

response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
• http://secunia.com/advisories/18886 http://secunia.com/secunia_research/2006-9/advisory http://securityreason.com/securityalert/523 http://securitytracker.com/id?1015703 http://trac.lighttpd.net/trac/changeset/1005 http://www.osvdb.org/23542 http://www.securityfocus.com/archive/1/426446/100/0/threaded http://www.securityfocus.com/bid/16893 http://www.vupen.com/english/advisories/2006/0782 https://exchange.xforce.ibmcloud.com/vulnerabilities/24976