Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/lighttpd@1.4.53-4%2Bdeb10u2
Type deb
Namespace debian
Name lighttpd
Version 1.4.53-4+deb10u2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.4.59-1+deb11u2
Latest_non_vulnerable_version 1.4.59-1+deb11u2
Affected_by_vulnerabilities
0
url VCID-8sn2-9v3z-5qd8
vulnerability_id VCID-8sn2-9v3z-5qd8
summary A vulnerability has been discovered in lighttpd which could result in denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37797
reference_id
reference_type
scores
0
value 0.01444
scoring_system epss
scoring_elements 0.80736
published_at 2026-04-13T12:55:00Z
1
value 0.01444
scoring_system epss
scoring_elements 0.80758
published_at 2026-04-11T12:55:00Z
2
value 0.01444
scoring_system epss
scoring_elements 0.80743
published_at 2026-04-12T12:55:00Z
3
value 0.01444
scoring_system epss
scoring_elements 0.80687
published_at 2026-04-02T12:55:00Z
4
value 0.01444
scoring_system epss
scoring_elements 0.80709
published_at 2026-04-04T12:55:00Z
5
value 0.01444
scoring_system epss
scoring_elements 0.80704
published_at 2026-04-07T12:55:00Z
6
value 0.01444
scoring_system epss
scoring_elements 0.80733
published_at 2026-04-08T12:55:00Z
7
value 0.01444
scoring_system epss
scoring_elements 0.80742
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37797
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37797
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41556
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41556
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://security.archlinux.org/AVG-2822
reference_id AVG-2822
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2822
5
reference_url https://security.gentoo.org/glsa/202210-12
reference_id GLSA-202210-12
reference_type
scores
url https://security.gentoo.org/glsa/202210-12
fixed_packages
0
url pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2
purl pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2
aliases CVE-2022-37797
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8sn2-9v3z-5qd8
1
url VCID-dj2j-yr1r-myej
vulnerability_id VCID-dj2j-yr1r-myej
summary A vulnerability has been discovered in lighttpd which could result in denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41556
reference_id
reference_type
scores
0
value 0.01808
scoring_system epss
scoring_elements 0.82824
published_at 2026-04-13T12:55:00Z
1
value 0.01808
scoring_system epss
scoring_elements 0.82833
published_at 2026-04-11T12:55:00Z
2
value 0.01808
scoring_system epss
scoring_elements 0.82829
published_at 2026-04-12T12:55:00Z
3
value 0.01808
scoring_system epss
scoring_elements 0.82774
published_at 2026-04-02T12:55:00Z
4
value 0.01808
scoring_system epss
scoring_elements 0.82788
published_at 2026-04-04T12:55:00Z
5
value 0.01808
scoring_system epss
scoring_elements 0.82785
published_at 2026-04-07T12:55:00Z
6
value 0.01808
scoring_system epss
scoring_elements 0.82811
published_at 2026-04-08T12:55:00Z
7
value 0.01808
scoring_system epss
scoring_elements 0.82817
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41556
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37797
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41556
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41556
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://security.archlinux.org/AVG-2822
reference_id AVG-2822
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2822
5
reference_url https://security.gentoo.org/glsa/202210-12
reference_id GLSA-202210-12
reference_type
scores
url https://security.gentoo.org/glsa/202210-12
6
reference_url https://usn.ubuntu.com/5903-1/
reference_id USN-5903-1
reference_type
scores
url https://usn.ubuntu.com/5903-1/
fixed_packages
0
url pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2
purl pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2
aliases CVE-2022-41556
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dj2j-yr1r-myej
2
url VCID-ma83-g8ra-47bd
vulnerability_id VCID-ma83-g8ra-47bd
summary Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-30780
reference_id
reference_type
scores
0
value 0.81817
scoring_system epss
scoring_elements 0.99188
published_at 2026-04-02T12:55:00Z
1
value 0.81817
scoring_system epss
scoring_elements 0.99191
published_at 2026-04-04T12:55:00Z
2
value 0.81817
scoring_system epss
scoring_elements 0.99194
published_at 2026-04-07T12:55:00Z
3
value 0.81817
scoring_system epss
scoring_elements 0.99196
published_at 2026-04-13T12:55:00Z
4
value 0.81817
scoring_system epss
scoring_elements 0.99197
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-30780
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30780
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30780
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
fixed_packages
0
url pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2
purl pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2
aliases CVE-2022-30780
risk_score 7.6
exploitability 2.0
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ma83-g8ra-47bd
3
url VCID-nabb-9r87-mbhw
vulnerability_id VCID-nabb-9r87-mbhw
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22707
reference_id
reference_type
scores
0
value 0.01488
scoring_system epss
scoring_elements 0.8099
published_at 2026-04-02T12:55:00Z
1
value 0.01488
scoring_system epss
scoring_elements 0.81013
published_at 2026-04-04T12:55:00Z
2
value 0.01488
scoring_system epss
scoring_elements 0.81012
published_at 2026-04-07T12:55:00Z
3
value 0.01488
scoring_system epss
scoring_elements 0.8104
published_at 2026-04-08T12:55:00Z
4
value 0.01488
scoring_system epss
scoring_elements 0.81047
published_at 2026-04-09T12:55:00Z
5
value 0.01488
scoring_system epss
scoring_elements 0.81064
published_at 2026-04-11T12:55:00Z
6
value 0.01488
scoring_system epss
scoring_elements 0.81051
published_at 2026-04-12T12:55:00Z
7
value 0.01488
scoring_system epss
scoring_elements 0.81043
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22707
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22707
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22707
2
reference_url https://usn.ubuntu.com/5903-1/
reference_id USN-5903-1
reference_type
scores
url https://usn.ubuntu.com/5903-1/
fixed_packages
0
url pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2
purl pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2
aliases CVE-2022-22707
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nabb-9r87-mbhw
Fixing_vulnerabilities
0
url VCID-392a-57u1-mqcx
vulnerability_id VCID-392a-57u1-mqcx
summary lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit."
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11072
reference_id
reference_type
scores
0
value 0.12083
scoring_system epss
scoring_elements 0.93752
published_at 2026-04-01T12:55:00Z
1
value 0.12083
scoring_system epss
scoring_elements 0.93774
published_at 2026-04-07T12:55:00Z
2
value 0.12083
scoring_system epss
scoring_elements 0.93783
published_at 2026-04-08T12:55:00Z
3
value 0.12083
scoring_system epss
scoring_elements 0.93786
published_at 2026-04-09T12:55:00Z
4
value 0.12083
scoring_system epss
scoring_elements 0.9379
published_at 2026-04-11T12:55:00Z
5
value 0.12083
scoring_system epss
scoring_elements 0.93791
published_at 2026-04-13T12:55:00Z
6
value 0.12083
scoring_system epss
scoring_elements 0.93761
published_at 2026-04-02T12:55:00Z
7
value 0.12083
scoring_system epss
scoring_elements 0.93771
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11072
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11072
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11072
2
reference_url https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T20:27:33Z/
url https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354
3
reference_url https://redmine.lighttpd.net/issues/2945
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T20:27:33Z/
url https://redmine.lighttpd.net/issues/2945
4
reference_url http://www.securityfocus.com/bid/107907
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T20:27:33Z/
url http://www.securityfocus.com/bid/107907
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926885
reference_id 926885
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926885
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11072
reference_id CVE-2019-11072
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-11072
fixed_packages
0
url pkg:deb/debian/lighttpd@1.4.53-4%2Bdeb10u2
purl pkg:deb/debian/lighttpd@1.4.53-4%2Bdeb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sn2-9v3z-5qd8
1
vulnerability VCID-dj2j-yr1r-myej
2
vulnerability VCID-ma83-g8ra-47bd
3
vulnerability VCID-nabb-9r87-mbhw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.53-4%252Bdeb10u2
aliases CVE-2019-11072
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-392a-57u1-mqcx
1
url VCID-nabb-9r87-mbhw
vulnerability_id VCID-nabb-9r87-mbhw
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22707
reference_id
reference_type
scores
0
value 0.01488
scoring_system epss
scoring_elements 0.8099
published_at 2026-04-02T12:55:00Z
1
value 0.01488
scoring_system epss
scoring_elements 0.81013
published_at 2026-04-04T12:55:00Z
2
value 0.01488
scoring_system epss
scoring_elements 0.81012
published_at 2026-04-07T12:55:00Z
3
value 0.01488
scoring_system epss
scoring_elements 0.8104
published_at 2026-04-08T12:55:00Z
4
value 0.01488
scoring_system epss
scoring_elements 0.81047
published_at 2026-04-09T12:55:00Z
5
value 0.01488
scoring_system epss
scoring_elements 0.81064
published_at 2026-04-11T12:55:00Z
6
value 0.01488
scoring_system epss
scoring_elements 0.81051
published_at 2026-04-12T12:55:00Z
7
value 0.01488
scoring_system epss
scoring_elements 0.81043
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22707
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22707
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22707
2
reference_url https://usn.ubuntu.com/5903-1/
reference_id USN-5903-1
reference_type
scores
url https://usn.ubuntu.com/5903-1/
fixed_packages
0
url pkg:deb/debian/lighttpd@1.4.53-4%2Bdeb10u2
purl pkg:deb/debian/lighttpd@1.4.53-4%2Bdeb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sn2-9v3z-5qd8
1
vulnerability VCID-dj2j-yr1r-myej
2
vulnerability VCID-ma83-g8ra-47bd
3
vulnerability VCID-nabb-9r87-mbhw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.53-4%252Bdeb10u2
1
url pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2
purl pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2
aliases CVE-2022-22707
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nabb-9r87-mbhw
2
url VCID-uk6q-31q8-qqf9
vulnerability_id VCID-uk6q-31q8-qqf9
summary There exist use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-25103
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.5688
published_at 2026-04-13T12:55:00Z
1
value 0.00342
scoring_system epss
scoring_elements 0.56862
published_at 2026-04-02T12:55:00Z
2
value 0.00342
scoring_system epss
scoring_elements 0.56883
published_at 2026-04-04T12:55:00Z
3
value 0.00342
scoring_system epss
scoring_elements 0.56859
published_at 2026-04-07T12:55:00Z
4
value 0.00342
scoring_system epss
scoring_elements 0.56911
published_at 2026-04-08T12:55:00Z
5
value 0.00342
scoring_system epss
scoring_elements 0.56914
published_at 2026-04-09T12:55:00Z
6
value 0.00342
scoring_system epss
scoring_elements 0.56923
published_at 2026-04-11T12:55:00Z
7
value 0.00342
scoring_system epss
scoring_elements 0.56903
published_at 2026-04-12T12:55:00Z
8
value 0.00342
scoring_system epss
scoring_elements 0.56767
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-25103
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25103
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25103
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.kb.cert.org/vuls/id/312260
reference_id 312260
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://www.kb.cert.org/vuls/id/312260
4
reference_url https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf
reference_id AMI-SA-2024002.pdf
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf
5
reference_url https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8
reference_id d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8
6
reference_url https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9
reference_id df8e4f95614e476276a55e34da2aa8b00b1148e9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9
7
reference_url https://www.runzero.com/blog/lighttpd/
reference_id lighttpd
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://www.runzero.com/blog/lighttpd/
8
reference_url https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736
reference_id #more-736
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:05:27Z/
url https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736
fixed_packages
0
url pkg:deb/debian/lighttpd@1.4.53-4%2Bdeb10u2
purl pkg:deb/debian/lighttpd@1.4.53-4%2Bdeb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sn2-9v3z-5qd8
1
vulnerability VCID-dj2j-yr1r-myej
2
vulnerability VCID-ma83-g8ra-47bd
3
vulnerability VCID-nabb-9r87-mbhw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.53-4%252Bdeb10u2
aliases CVE-2018-25103
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uk6q-31q8-qqf9
3
url VCID-wfbv-rpt2-9bcs
vulnerability_id VCID-wfbv-rpt2-9bcs
summary An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19052
reference_id
reference_type
scores
0
value 0.58168
scoring_system epss
scoring_elements 0.98188
published_at 2026-04-13T12:55:00Z
1
value 0.58168
scoring_system epss
scoring_elements 0.98173
published_at 2026-04-01T12:55:00Z
2
value 0.58168
scoring_system epss
scoring_elements 0.98175
published_at 2026-04-02T12:55:00Z
3
value 0.58168
scoring_system epss
scoring_elements 0.98179
published_at 2026-04-04T12:55:00Z
4
value 0.58168
scoring_system epss
scoring_elements 0.9818
published_at 2026-04-07T12:55:00Z
5
value 0.58168
scoring_system epss
scoring_elements 0.98184
published_at 2026-04-08T12:55:00Z
6
value 0.58168
scoring_system epss
scoring_elements 0.98185
published_at 2026-04-09T12:55:00Z
7
value 0.58168
scoring_system epss
scoring_elements 0.98189
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19052
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19052
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19052
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913528
reference_id 913528
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913528
4
reference_url https://usn.ubuntu.com/USN-4775-1/
reference_id USN-USN-4775-1
reference_type
scores
url https://usn.ubuntu.com/USN-4775-1/
fixed_packages
0
url pkg:deb/debian/lighttpd@1.4.53-4%2Bdeb10u2
purl pkg:deb/debian/lighttpd@1.4.53-4%2Bdeb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8sn2-9v3z-5qd8
1
vulnerability VCID-dj2j-yr1r-myej
2
vulnerability VCID-ma83-g8ra-47bd
3
vulnerability VCID-nabb-9r87-mbhw
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.53-4%252Bdeb10u2
aliases CVE-2018-19052
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfbv-rpt2-9bcs
Risk_score 7.6
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.53-4%252Bdeb10u2