HP Security Bulletin HPSBGN03191 1 - A potential security vulnerabilities have been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd. These vulnerabilities could be exploited remotely resulting in disclosure of information, elevation of privilege, SQL injection, or to create a Denial of Service (DoS). These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the lighttpd based vCAS Web Server. Revision 1 of this advisory.
6f968d85b22f5fbfed109939f90483ff9eef7b3027bef59336a2b90ece346765Gentoo Linux Security Advisory 201406-10 - Multiple vulnerabilities have been found in lighttpd, allowing remote attackers cause a Denial of Service condition or execute arbitrary SQL statements. Versions less than 1.4.35 are affected.
e017516a6f3a848b9abd4c61f5d7bd6822ea6e44021b22c85ae960c93b959e14Mandriva Linux Security Advisory 2013-100 - The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service via a request with a header containing an empty token, as demonstrated using the Connection: TE,,Keep-Alive header.
22be207a6d4296eb91de3d6af14859bdba5fa94fb7ecb8401dc6835e88c874daSimple Lighttpd version 1.4.31 denial of service proof of concept exploit.
bb9db2d5fb90777223307f529d060fc6a280653ad1ae2d1bd6798d5cfd9126c8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed