Search for packages
| purl | pkg:deb/debian/lighttpd@1.4.19-5%2Blenny3 |
| Next non-vulnerable version | 1.4.59-1+deb11u2 |
| Latest non-vulnerable version | 1.4.59-1+deb11u2 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-392a-57u1-mqcx
Aliases: CVE-2019-11072 |
lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit. |
Affected by 4 other vulnerabilities. |
|
VCID-3mv4-zscp-uke6
Aliases: CVE-2016-1000212 |
security update |
Affected by 9 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-4252-bxgf-pqgq
Aliases: CVE-2010-0295 |
A processing error in lighttpd might result in a Denial of Service condition. |
Affected by 21 other vulnerabilities. |
|
VCID-4mqa-bkha-kbaj
Aliases: CVE-2012-4929 |
security update |
Affected by 15 other vulnerabilities. |
|
VCID-7t19-jqkx-83du
Aliases: CVE-2014-2324 |
security update |
Affected by 15 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-8sn2-9v3z-5qd8
Aliases: CVE-2022-37797 |
A vulnerability has been discovered in lighttpd which could result in denial of service. |
Affected by 0 other vulnerabilities. |
|
VCID-dj2j-yr1r-myej
Aliases: CVE-2022-41556 |
A vulnerability has been discovered in lighttpd which could result in denial of service. |
Affected by 0 other vulnerabilities. |
|
VCID-dnxd-x42g-2qcu
Aliases: CVE-2012-5533 |
Multiple vulnerabilities have been found in lighttpd, allowing remote attackers cause a Denial of Service condition or execute arbitrary SQL statements. |
Affected by 15 other vulnerabilities. |
|
VCID-e1yx-dxa6-1bba
Aliases: CVE-2011-3389 |
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. |
Affected by 15 other vulnerabilities. |
|
VCID-ebx8-yzbr-57ew
Aliases: CVE-2013-4508 |
Multiple vulnerabilities have been found in lighttpd, allowing remote attackers cause a Denial of Service condition or execute arbitrary SQL statements. |
Affected by 15 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-eetd-2zwu-fud5
Aliases: CVE-2011-4362 |
Multiple vulnerabilities have been found in lighttpd, allowing remote attackers cause a Denial of Service condition or execute arbitrary SQL statements. |
Affected by 15 other vulnerabilities. |
|
VCID-ewrp-7up7-9qf3
Aliases: CVE-2013-4560 |
Multiple vulnerabilities have been found in lighttpd, allowing remote attackers cause a Denial of Service condition or execute arbitrary SQL statements. |
Affected by 15 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-gt7s-kr68-5fer
Aliases: CVE-2014-2323 |
Multiple vulnerabilities have been found in lighttpd, allowing remote attackers cause a Denial of Service condition or execute arbitrary SQL statements. |
Affected by 15 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-jau7-gfz8-dkfa
Aliases: CVE-2009-3555 GHSA-f7w7-6pjc-wwm6 VU#120541 |
The renegotiation vulnerability in SSL protocol |
Affected by 15 other vulnerabilities. |
|
VCID-ma83-g8ra-47bd
Aliases: CVE-2022-30780 |
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. |
Affected by 0 other vulnerabilities. |
|
VCID-muqu-fzs6-jqbd
Aliases: CVE-2013-1427 |
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition. |
Affected by 15 other vulnerabilities. |
|
VCID-nabb-9r87-mbhw
Aliases: CVE-2022-22707 |
security update |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-r76c-k624-v7fe
Aliases: CVE-2015-3200 |
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character. |
Affected by 7 other vulnerabilities. |
|
VCID-rz5g-r2e9-9kgw
Aliases: CVE-2013-4559 |
Multiple vulnerabilities have been found in lighttpd, allowing remote attackers cause a Denial of Service condition or execute arbitrary SQL statements. |
Affected by 15 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-uk6q-31q8-qqf9
Aliases: CVE-2018-25103 |
There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests. |
Affected by 4 other vulnerabilities. |
|
VCID-wfbv-rpt2-9bcs
Aliases: CVE-2018-19052 |
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. |
Affected by 4 other vulnerabilities. |
|
VCID-xap5-djda-2uem
Aliases: CVE-2014-3566 |
Multiple vulnerabilities have been found in Oracle JRE/JDK, allowing both local and remote attackers to compromise various Java components. |
Affected by 15 other vulnerabilities. Affected by 9 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-17xt-wfmb-6ba3 | Multiple vulnerabilities have been discovered in lighttpd. |
CVE-2008-0983
|
| VCID-2ym1-hzpb-67bp | Multiple vulnerabilities in lighttpd may lead to information disclosure or a Denial of Service. |
CVE-2008-4359
|
| VCID-483h-5atk-dfgs | Several vulnerabilities were reported in Lighttpd, most of them allowing a Denial of Service and potentially the remote execution of arbitrary code. |
CVE-2007-3947
|
| VCID-a11f-ydyr-6bcd | Several vulnerabilities were reported in Lighttpd, most of them allowing a Denial of Service and potentially the remote execution of arbitrary code. |
CVE-2007-3949
|
| VCID-bzf1-xw3k-qud7 | Multiple vulnerabilities in lighttpd may lead to information disclosure or a Denial of Service. |
CVE-2008-1531
|
| VCID-d983-1g2v-h7e9 | Multiple vulnerabilities in lighttpd may lead to information disclosure or a Denial of Service. |
CVE-2008-1270
|
| VCID-h1bj-mx6t-6kav | Two vulnerabilities have been discovered in Lighttpd, each allowing for a Denial of Service. |
CVE-2007-1870
|
| VCID-hc9c-1c4k-wqh1 | Two vulnerabilities have been discovered in Lighttpd, each allowing for a Denial of Service. |
CVE-2007-1869
|
| VCID-j8ey-bqzd-hqce | Multiple vulnerabilities have been discovered in lighttpd. |
CVE-2008-1111
|
| VCID-mmey-1ydv-nfha | Several vulnerabilities were reported in Lighttpd, most of them allowing a Denial of Service and potentially the remote execution of arbitrary code. |
CVE-2007-3946
|
| VCID-ntx6-vp4b-nbdk | Multiple vulnerabilities in lighttpd may lead to information disclosure or a Denial of Service. |
CVE-2008-4360
|
| VCID-rjf6-heyy-5kce | Several vulnerabilities were reported in Lighttpd, most of them allowing a Denial of Service and potentially the remote execution of arbitrary code. |
CVE-2007-3948
|
| VCID-rjpt-cjmu-43fu | Several vulnerabilities were reported in Lighttpd, most of them allowing a Denial of Service and potentially the remote execution of arbitrary code. |
CVE-2007-3950
|
| VCID-xejg-te5s-wfax | Multiple vulnerabilities in lighttpd may lead to information disclosure or a Denial of Service. |
CVE-2008-4298
|
| VCID-z3wv-cgxn-cyfs | PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. |
CVE-2007-4727
|