Lighttpd Multiple Vulnerabilities Network Vulnerability

Summary

This host is running Lighttpd and is prone to multiple vulnerabilities

Impact

Successful exploitation will allow remote attackers to execute arbitrary SQL commands and remote attackers to read arbitrary files via hostname. Impact Level: System/Application

Solution

Upgrade to 1.4.35 or higher, For updates refer to http://www.lighttpd.net/download

Insight

- mod_mysql_vhost module not properly sanitizing user supplied input passed via the hostname. - mod_evhost and mod_simple_vhost modules not properly sanitizing user supplied input via the hostname.

Affected

Lighttpd version before 1.4.35

Detection

Send a crafted HTTP GET request and check whether it responds with error message.

References

http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
http://osvdb.org/104381
http://osvdb.org/104382
http://seclists.org/oss-sec/2014/q1/561

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-2323, CVE-2014-2324
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ModSecurity Multiple Remote Denial of Service Vulnerabilities
IIS directory traversal
Apache Multiple Security Vulnerabilities
CoreHTTP 'src/http.c ' Buffer Overflow Vulnerability
IIS .IDA ISAPI filter applied

Lighttpd Multiple vulnerabilities

Take action and discover your vulnerabilities