26 results (0.003 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-25103 – Use-after-free vulnerabilities in lighttpd <= 1.4.50

https://notcve.org/view.php?id=CVE-2018-25103

There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests. Existe una vulnerabilidad de use-after-free en lighttpd &lt;= 1.4.50 que puede permitir el acceso para realizar una comparación que no distinga entre mayúsculas y minúsculas con el puntero reutilizado. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736 https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8 https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9 https://www.kb.cert.org/vuls/id/312260 https://www.runzero.com/blog/lighttpd •

CVSS: 9.8EPSS: 66%CPEs: 1EXPL: 1

CVE-2019-11072

https://notcve.org/view.php?id=CVE-2019-11072

lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. • http://www.securityfocus.com/bid/107907 https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354 https://redmine.lighttpd.net/issues/2945 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1

CVE-2018-19052

https://notcve.org/view.php?id=CVE-2018-19052

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. Se ha descubierto un problema en mod_alias_physical_handler en mod_alias.c en lighttpd en versiones anteriores a la 1.4.50. Hay un salto de directorio ../ de un único directorio sobre el alias objetivo, con una configuración mod_alias específica en la que el alias coincidente carece de un carácter "/" final, pero el sistema de archivos del alias objetivo sí tiene un carácter "/" final. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00054.html https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 https://lists.debian.org/debian-lts-announce/2022/01/msg00012.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2015-3200

https://notcve.org/view.php?id=CVE-2015-3200

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. mod_auth en lighttpd anterior a 1.4.36 permite a atacantes remotos inyectar entradas de registro largas a través de una cadena de la autenticación HTTP básica sin un caracter de dos puntos, tal y como fue demostrado por una cadena que contiene un caracter nulo y de nueva línea. • http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163223.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163286.html http://redmine.lighttpd.net/issues/2646 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/74813 http://www.securitytracker.com/id/1032405 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.8EPSS: 96%CPEs: 9EXPL: 2

CVE-2014-2323

https://notcve.org/view.php?id=CVE-2014-2323

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. Vulnerabilidad de inyección SQL en mod_mysql_vhost.c en lighttpd anterior a 1.4.35 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del nombre de host, relacionado con request_check_hostname. • http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt http://jvn.jp/en/jp/JVN37417423/index.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html http://marc.info/?l=bugtraq&m=141576815022399&w=2 http://seclists.org/oss-sec/2014/q1/561 http://seclists.org/oss-sec/2014/q1/564 http:/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •