HP Security Bulletin HPSBGN03191 1 - A potential security vulnerabilities have been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd. These vulnerabilities could be exploited remotely resulting in disclosure of information, elevation of privilege, SQL injection, or to create a Denial of Service (DoS). These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the lighttpd based vCAS Web Server. Revision 1 of this advisory.
6f968d85b22f5fbfed109939f90483ff9eef7b3027bef59336a2b90ece346765
Gentoo Linux Security Advisory 201406-10 - Multiple vulnerabilities have been found in lighttpd, allowing remote attackers cause a Denial of Service condition or execute arbitrary SQL statements. Versions less than 1.4.35 are affected.
e017516a6f3a848b9abd4c61f5d7bd6822ea6e44021b22c85ae960c93b959e14
Debian Linux Security Advisory 2877-1 - Several vulnerabilities were discovered in the lighttpd web server.
1b636c5aece6a80bb396c37c59b82d4c2b12f55fc71f7bada298470800c1290f