Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/lighttpd@1.4.16-1?distro=trixie

Type deb

Namespace debian

Name lighttpd

Version 1.4.16-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.4.18-1

Latest_non_vulnerable_version 1.4.82-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-afwm-ubf5-afbw

vulnerability_id VCID-afwm-ubf5-afbw

summary mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3946

reference_id

reference_type

scores

value	0.04694
scoring_system	epss
scoring_elements	0.89517
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3946

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3946
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3946

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434888
reference_id	434888
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434888

reference_url	https://security.gentoo.org/glsa/200708-11
reference_id	GLSA-200708-11
reference_type
scores
url	https://security.gentoo.org/glsa/200708-11

fixed_packages

url	pkg:deb/debian/lighttpd@1.4.16-1?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.16-1%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.69-1%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.79-2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.82-2%3Fdistro=trixie

aliases CVE-2007-3946

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afwm-ubf5-afbw

url VCID-bpsh-jyuw-cfet

vulnerability_id VCID-bpsh-jyuw-cfet

summary lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3950

reference_id

reference_type

scores

value	0.02157
scoring_system	epss
scoring_elements	0.84544
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3950

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434888
reference_id	434888
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434888

reference_url	https://security.gentoo.org/glsa/200708-11
reference_id	GLSA-200708-11
reference_type
scores
url	https://security.gentoo.org/glsa/200708-11

fixed_packages

url	pkg:deb/debian/lighttpd@1.4.16-1?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.16-1%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.69-1%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.79-2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.82-2%3Fdistro=trixie

aliases CVE-2007-3950

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bpsh-jyuw-cfet

url VCID-p74u-1zm7-1kgg

vulnerability_id VCID-p74u-1zm7-1kgg

summary mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3949

reference_id

reference_type

scores

value	0.00608
scoring_system	epss
scoring_elements	0.70035
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3949

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3949
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3949

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434888
reference_id	434888
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434888

reference_url	https://security.gentoo.org/glsa/200708-11
reference_id	GLSA-200708-11
reference_type
scores
url	https://security.gentoo.org/glsa/200708-11

fixed_packages

url	pkg:deb/debian/lighttpd@1.4.16-1?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.16-1%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.69-1%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.79-2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.82-2%3Fdistro=trixie

aliases CVE-2007-3949

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p74u-1zm7-1kgg

url VCID-q632-h6ep-cbdg

vulnerability_id VCID-q632-h6ep-cbdg

summary connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3948

reference_id

reference_type

scores

value	0.0244
scoring_system	epss
scoring_elements	0.8542
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3948

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3948
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3948

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434888
reference_id	434888
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434888

reference_url	https://security.gentoo.org/glsa/200708-11
reference_id	GLSA-200708-11
reference_type
scores
url	https://security.gentoo.org/glsa/200708-11

fixed_packages

url	pkg:deb/debian/lighttpd@1.4.16-1?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.16-1%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.69-1%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.79-2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.82-2%3Fdistro=trixie

aliases CVE-2007-3948

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q632-h6ep-cbdg

url VCID-sbgp-2as6-e7d5

vulnerability_id VCID-sbgp-2as6-e7d5

summary request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3947

reference_id

reference_type

scores

value	0.20872
scoring_system	epss
scoring_elements	0.95718
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3947

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3947
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3947

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428368
reference_id	428368
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428368

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/30322.rb
reference_id	CVE-2007-3947;OSVDB-38313
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/30322.rb

reference_url	https://www.securityfocus.com/bid/24967/info
reference_id	CVE-2007-3947;OSVDB-38313
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/24967/info

reference_url	https://security.gentoo.org/glsa/200708-11
reference_id	GLSA-200708-11
reference_type
scores
url	https://security.gentoo.org/glsa/200708-11

fixed_packages

url	pkg:deb/debian/lighttpd@1.4.16-1?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.16-1%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.69-1%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.79-2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.82-2%3Fdistro=trixie

aliases CVE-2007-3947

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sbgp-2as6-e7d5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.16-1%3Fdistro=trixie

Package Instance