Description
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
Remediation
References
Related Vulnerabilities
Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-6188)
WordPress Plugin IP Geo Block Security Bypass (2.2.2)
Oracle Database Server CVE-2008-0346 Vulnerability (CVE-2008-0346)
PHP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2023-3823)