Search for packages
| purl | pkg:deb/debian/lighttpd@0?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-ew7v-cp7g-ebgk | lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: * Bypass access control rules * Inject unsafe input into backend logic that trusts request headers * Execute HTTP Request Smuggling attacks under some conditions This issue affects lighttpd1.4.80 |
CVE-2025-12642
|
| VCID-urr4-ejv1-xyh7 | Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors. |
CVE-2014-2469
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-13T06:57:09.009981+00:00 | Debian Importer | Fixing | VCID-ew7v-cp7g-ebgk | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T06:45:40.081705+00:00 | Debian Importer | Fixing | VCID-urr4-ejv1-xyh7 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:30:19.468316+00:00 | Debian Importer | Fixing | VCID-ew7v-cp7g-ebgk | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:30:18.959131+00:00 | Debian Importer | Fixing | VCID-urr4-ejv1-xyh7 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |