HP Security Bulletin HPSBGN03191 1 - A potential security vulnerabilities have been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd. These vulnerabilities could be exploited remotely resulting in disclosure of information, elevation of privilege, SQL injection, or to create a Denial of Service (DoS). These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the lighttpd based vCAS Web Server. Revision 1 of this advisory.
6f968d85b22f5fbfed109939f90483ff9eef7b3027bef59336a2b90ece346765
Gentoo Linux Security Advisory 201406-10 - Multiple vulnerabilities have been found in lighttpd, allowing remote attackers cause a Denial of Service condition or execute arbitrary SQL statements. Versions less than 1.4.35 are affected.
e017516a6f3a848b9abd4c61f5d7bd6822ea6e44021b22c85ae960c93b959e14
Mandriva Linux Security Advisory 2013-100 - The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service via a request with a header containing an empty token, as demonstrated using the Connection: TE,,Keep-Alive header.
22be207a6d4296eb91de3d6af14859bdba5fa94fb7ecb8401dc6835e88c874da
Simple Lighttpd version 1.4.31 denial of service proof of concept exploit.
bb9db2d5fb90777223307f529d060fc6a280653ad1ae2d1bd6798d5cfd9126c8