Page 7 of 35 results (0.004 seconds)

CVSS: 5.0EPSS: 22%CPEs: 2EXPL: 0

lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. lighttpd 1.4.12 y 1.4.13 permite a atacantes remotos provocar una denegación de servicio (consumo de recursos y cpu) desconectando cuando lighttpd está analizando secuencias CRLF, lo cual provoca un bucle infinito y el consumo de descriptor de fichero. • http://secunia.com/advisories/24886 http://secunia.com/advisories/24947 http://secunia.com/advisories/24995 http://secunia.com/advisories/25166 http://secunia.com/advisories/25613 http://security.gentoo.org/glsa/glsa-200705-07.xml http://www.debian.org/security/2007/dsa-1303 http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.securityfocus.com/archive/1/466464/30/6900/threaded •

CVSS: 7.8EPSS: 5%CPEs: 30EXPL: 0

lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. lighttpd anterior a 1.4.14 permite a atacantes provocar una denegación de servicio (caída) mediante una petición a un fichero cuyo mtime es 0, lo cual resulta en una referencia a puntero nulo. • http://secunia.com/advisories/24886 http://secunia.com/advisories/24947 http://secunia.com/advisories/24995 http://secunia.com/advisories/25166 http://secunia.com/advisories/25613 http://security.gentoo.org/glsa/glsa-200705-07.xml http://www.debian.org/security/2007/dsa-1303 http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.securityfocus.com/archive/1/466464/30/6900/threaded •

CVSS: 5.0EPSS: 1%CPEs: 49EXPL: 0

response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files. response.c en Lighttpd 1.4.10 y posiblemente versiones anteriores, cuando se ejecuta sobre Windows, permite a atacantes leer código fuente de su elección mediante peticiones conteniendo caractéres (1) "." (punto) y (2) espacio al final, que son ignoradas por Windows, como se ha demostrado en ficheros PHP. • http://secunia.com/advisories/18886 http://secunia.com/secunia_research/2006-9/advisory http://securityreason.com/securityalert/523 http://securitytracker.com/id?1015703 http://trac.lighttpd.net/trac/changeset/1005 http://www.osvdb.org/23542 http://www.securityfocus.com/archive/1/426446/100/0/threaded http://www.securityfocus.com/bid/16893 http://www.vupen.com/english/advisories/2006/0782 https://exchange.xforce.ibmcloud.com/vulnerabilities/24976 •

CVSS: 2.6EPSS: 0%CPEs: 47EXPL: 0

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names. • http://lighttpd.net/news http://secunia.com/advisories/18869 http://www.lighttpd.net/news http://www.osvdb.org/23229 http://www.vupen.com/english/advisories/2006/0550 https://exchange.xforce.ibmcloud.com/vulnerabilities/24699 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension. • http://article.gmane.org/gmane.comp.web.lighttpd/1171 http://secunia.com/advisories/14297 http://security.gentoo.org/glsa/glsa-200502-21.xml •