32 results (0.010 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests. Existe una vulnerabilidad de use-after-free en lighttpd &lt;= 1.4.50 que puede permitir el acceso para realizar una comparación que no distinga entre mayúsculas y minúsculas con el puntero reutilizado. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736 https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8 https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9 https://www.kb.cert.org/vuls/id/312260 https://www.runzero.com/blog/lighttpd •

CVSS: 5.9EPSS: 3%CPEs: 3EXPL: 1

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. En lighttpd versiones 1.4.46 hasta 1.4.63, la función mod_extforward_Forwarded del plugin mod_extforward tiene un desbordamiento de búfer basado en la pila (4 bytes que representan -1), como lo demuestra la denegación de servicio remota (caída del demonio) en una configuración no predeterminada. La configuración no predeterminada requiere el manejo de la cabecera Forwarded de una manera algo inusual. • https://redmine.lighttpd.net/issues/3134 https://www.debian.org/security/2022/dsa-5040 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 66%CPEs: 1EXPL: 1

lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. • http://www.securityfocus.com/bid/107907 https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354 https://redmine.lighttpd.net/issues/2945 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. Se ha descubierto un problema en mod_alias_physical_handler en mod_alias.c en lighttpd en versiones anteriores a la 1.4.50. Hay un salto de directorio ../ de un único directorio sobre el alias objetivo, con una configuración mod_alias específica en la que el alias coincidente carece de un carácter "/" final, pero el sistema de archivos del alias objetivo sí tiene un carácter "/" final. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00054.html https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 https://lists.debian.org/debian-lts-announce/2022/01/msg00012.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. mod_auth en lighttpd anterior a 1.4.36 permite a atacantes remotos inyectar entradas de registro largas a través de una cadena de la autenticación HTTP básica sin un caracter de dos puntos, tal y como fue demostrado por una cadena que contiene un caracter nulo y de nueva línea. • http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163223.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163286.html http://redmine.lighttpd.net/issues/2646 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/74813 http://www.securitytracker.com/id/1032405 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •