Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/lighttpd@1.4.53-4?distro=trixie
Typedeb
Namespacedebian
Namelighttpd
Version1.4.53-4
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.4.59-1
Latest_non_vulnerable_version1.4.82-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-392a-57u1-mqcx
vulnerability_id VCID-392a-57u1-mqcx
summary lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11072
reference_id
reference_type
scores
0
value 0.12083
scoring_system epss
scoring_elements 0.93813
published_at 2026-04-16T12:55:00Z
1
value 0.12083
scoring_system epss
scoring_elements 0.93783
published_at 2026-04-08T12:55:00Z
2
value 0.12083
scoring_system epss
scoring_elements 0.93786
published_at 2026-04-09T12:55:00Z
3
value 0.12083
scoring_system epss
scoring_elements 0.9379
published_at 2026-04-11T12:55:00Z
4
value 0.12083
scoring_system epss
scoring_elements 0.93791
published_at 2026-04-13T12:55:00Z
5
value 0.12083
scoring_system epss
scoring_elements 0.93752
published_at 2026-04-01T12:55:00Z
6
value 0.12083
scoring_system epss
scoring_elements 0.93761
published_at 2026-04-02T12:55:00Z
7
value 0.12083
scoring_system epss
scoring_elements 0.93771
published_at 2026-04-04T12:55:00Z
8
value 0.12083
scoring_system epss
scoring_elements 0.93774
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11072
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11072
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11072
2
reference_url https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T20:27:33Z/
url https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354
3
reference_url https://redmine.lighttpd.net/issues/2945
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T20:27:33Z/
url https://redmine.lighttpd.net/issues/2945
4
reference_url http://www.securityfocus.com/bid/107907
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T20:27:33Z/
url http://www.securityfocus.com/bid/107907
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926885
reference_id 926885
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926885
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11072
reference_id CVE-2019-11072
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-11072
fixed_packages
0
url pkg:deb/debian/lighttpd@1.4.53-4?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.53-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.53-4%3Fdistro=trixie
1
url pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.69-1%3Fdistro=trixie
3
url pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.79-2%3Fdistro=trixie
4
url pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.82-2%3Fdistro=trixie
aliases CVE-2019-11072
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-392a-57u1-mqcx
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.53-4%3Fdistro=trixie