pkg:Debian/lighttpd

58 total CVEsCRITICAL5HIGH10MEDIUM3LOW3

✅ Check your installed version

All known vulnerabilities

CRITICAL9.8CVE-2009-3555pound - security update
from 0, < 1.4.28-2+squeeze1.2
CRITICAL9.8CVE-2009-3555pound - security update
from 0, < 1.4.30-1
CRITICAL9.8CVE-2019-11072lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) o…
from 0, < 1.4.53-4
CRITICAL9.8lighttpd - security update
from 0, < 1.4.33-1+nmu3
CRITICAL9.8lighttpd - security update
from 0, < 1.4.28-2+squeeze1.6
HIGH7.5A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a la…
from 0, < 1.4.59-1+deb11u2
HIGH7.5lighttpd - security update
from 0, < 1.4.59-1+deb11u2
HIGH7.5lighttpd - security update
from 0, < 1.4.59-1+deb11u2
HIGH7.5lighttpd - security update
from 0, < 1.4.53-4+deb10u3
HIGH7.5Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because conne…
from 0, < 1.4.59-1
HIGH7.5lighttpd - security update
from 0, < 1.4.45-1+deb9u1
HIGH7.5lighttpd - security update
from 0, < 1.4.52-1
HIGH7.5mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a…
from 0, < 1.4.37-1
HIGH7.5lighttpd - several
from 0, < 1.4.33-1+nmu1
HIGH7.5lighttpd - several
from 0, < 1.4.28-2+squeeze1.4
MEDIUM5.9lighttpd - security update
from 0, < 1.4.53-4+deb10u2
MEDIUM5.9lighttpd - security update
from 0, < 1.4.59-1+deb11u1
MEDIUM5.3There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in…
from 0, < 1.4.52-1
LOW3.4lighttpd - security update
from 0, < 1.4.35-4
LOW3.4lighttpd - security update
from 0, < 1.4.31-4+deb7u4
LOW3.4lighttpd - security update
from 0, < 1.4.28-2+squeeze1.7
—Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to…
from 0, < 1.4.33-1+nmu3
—Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash)…
from 0, < 1.4.33-1+nmu1
—lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttp…
from 0, < 1.4.33-1+nmu1
—lighttpd - fixed socket name in world-writable directory
from 0, < 1.4.31-4
—lighttpd - fixed socket name in world-writable directory
from 0, < 1.4.28-2+squeeze1.3
—The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite…
from 0, < 1.4.31-2
—nginx - information leak
from 0, < 1.4.30-1
—Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30…
from 0, < 1.4.30-1
—curl - several
from 0, < 1.4.28-2+squeeze1
—curl - several
from 0, < 1.4.30-1
—lighttpd - denial of service
from 0, < 1.4.13-4etch12
—lighttpd - denial of service
from 0, < 1.4.26-1
—mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons…
from 0, < 1.4.19-5
—lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL d…
from 0, < 1.4.19-5
—lighttpd - various problems
from 0, < 1.4.13-4etch11
—lighttpd - various problems
from 0, < 1.4.19-5
—lighttpd
from 0, < 1.4.13-4etch7
—lighttpd
from 0, < 1.4.19-2
—lighttpd - arbitrary file disclosure
from 0, < 1.4.19-1
—lighttpd - arbitrary file disclosure
from 0, < 1.4.13-4etch6
—lighttpd - information disclosure
from 0, < 1.4.13-4etch5
—lighttpd - information disclosure
from 0, < 1.4.18-4
—lighttpd - multiple DOS issues
from 0, < 1.4.13-4etch9
—lighttpd - multiple DOS issues
from 0, < 1.4.18-2
—Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows r…
from 0, < 1.4.18-1
—request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate…
from 0, < 1.4.16-1
—mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny s…
from 0, < 1.4.16-1
—connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a…
from 0, < 1.4.16-1
—lighttpd - several vulnerabilities
from 0, < 1.4.13-4etch4
—lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors…
from 0, < 1.4.16-1
—lighttpd - several vulnerabilities
from 0, < 1.4.16-1
—lighttpd - denial of service
from 0, < 1.4.15-1
—lighttpd - denial of service
from 0, < 1.4.13-4etch1
—lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a N…
from 0, < 1.4.15-1
—lighttpd - security update
from 0, < 1.4.31-4+deb7u5
—lighttpd - security update
from 0, < 1.4.43-1
—lighttpd - security update
from 0, < 1.4.35-4+deb8u1

Debian/lighttpd — 58 CVEs · VulnScope