pkg:Debian/lighttpd

58 total CVEsCRITICAL5HIGH10MEDIUM3LOW3

✅ Check your installed version

All known vulnerabilities

CRITICAL9.8CVE-2009-3555pound - security update
from 0, < 1.4.28-2+squeeze1.2
CRITICAL9.8CVE-2009-3555pound - security update
from 0, < 1.4.30-1
CRITICAL9.8CVE-2019-11072lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) o…
from 0, < 1.4.53-4
CRITICAL9.8CVE-2014-2323lighttpd - security update
from 0, < 1.4.33-1+nmu3
CRITICAL9.8CVE-2014-2323lighttpd - security update
from 0, < 1.4.28-2+squeeze1.6
HIGH7.5CVE-2022-41556A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a la…
from 0, < 1.4.59-1+deb11u2
HIGH7.5CVE-2022-37797lighttpd - security update
from 0, < 1.4.59-1+deb11u2
HIGH7.5CVE-2022-37797lighttpd - security update
from 0, < 1.4.59-1+deb11u2
HIGH7.5CVE-2022-37797lighttpd - security update
from 0, < 1.4.53-4+deb10u3
HIGH7.5CVE-2022-30780Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because conne…
from 0, < 1.4.59-1
HIGH7.5CVE-2018-19052lighttpd - security update
from 0, < 1.4.45-1+deb9u1
HIGH7.5CVE-2018-19052lighttpd - security update
from 0, < 1.4.52-1
HIGH7.5CVE-2015-3200mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a…
from 0, < 1.4.37-1
HIGH7.5CVE-2013-4508lighttpd - several
from 0, < 1.4.33-1+nmu1
HIGH7.5CVE-2013-4508lighttpd - several
from 0, < 1.4.28-2+squeeze1.4
MEDIUM5.9CVE-2022-22707lighttpd - security update
from 0, < 1.4.53-4+deb10u2
MEDIUM5.9CVE-2022-22707lighttpd - security update
from 0, < 1.4.59-1+deb11u1
MEDIUM5.3CVE-2018-25103There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in…
from 0, < 1.4.52-1
LOW3.4CVE-2014-3566lighttpd - security update
from 0, < 1.4.35-4
LOW3.4CVE-2014-3566lighttpd - security update
from 0, < 1.4.31-4+deb7u4
LOW3.4CVE-2014-3566lighttpd - security update
from 0, < 1.4.28-2+squeeze1.7
—CVE-2014-2324Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to…
from 0, < 1.4.33-1+nmu3
—CVE-2013-4560Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash)…
from 0, < 1.4.33-1+nmu1
—CVE-2013-4559lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttp…
from 0, < 1.4.33-1+nmu1
—CVE-2013-1427lighttpd - fixed socket name in world-writable directory
from 0, < 1.4.31-4
—CVE-2013-1427lighttpd - fixed socket name in world-writable directory
from 0, < 1.4.28-2+squeeze1.3
—CVE-2012-5533The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite…
from 0, < 1.4.31-2
—CVE-2012-4929nginx - information leak
from 0, < 1.4.30-1
—CVE-2011-4362Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30…
from 0, < 1.4.30-1
—CVE-2011-3389curl - several
from 0, < 1.4.28-2+squeeze1
—CVE-2011-3389curl - several
from 0, < 1.4.30-1
—CVE-2010-0295lighttpd - denial of service
from 0, < 1.4.13-4etch12
—CVE-2010-0295lighttpd - denial of service
from 0, < 1.4.26-1
—CVE-2008-4360mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons…
from 0, < 1.4.19-5
—CVE-2008-4359lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL d…
from 0, < 1.4.19-5
—CVE-2008-4298lighttpd - various problems
from 0, < 1.4.13-4etch11
—CVE-2008-4298lighttpd - various problems
from 0, < 1.4.19-5
—CVE-2008-1531lighttpd
from 0, < 1.4.13-4etch7
—CVE-2008-1531lighttpd
from 0, < 1.4.19-2
—CVE-2008-1270lighttpd - arbitrary file disclosure
from 0, < 1.4.19-1
—CVE-2008-1270lighttpd - arbitrary file disclosure
from 0, < 1.4.13-4etch6
—CVE-2008-1111lighttpd - information disclosure
from 0, < 1.4.13-4etch5
—CVE-2008-1111lighttpd - information disclosure
from 0, < 1.4.18-4
—CVE-2008-0983lighttpd - multiple DOS issues
from 0, < 1.4.13-4etch9
—CVE-2008-0983lighttpd - multiple DOS issues
from 0, < 1.4.18-2
—CVE-2007-4727Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows r…
from 0, < 1.4.18-1
—CVE-2007-3947request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate…
from 0, < 1.4.16-1
—CVE-2007-3949mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny s…
from 0, < 1.4.16-1
—CVE-2007-3948connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a…
from 0, < 1.4.16-1
—CVE-2007-3946lighttpd - several vulnerabilities
from 0, < 1.4.13-4etch4
—CVE-2007-3950lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors…
from 0, < 1.4.16-1
—CVE-2007-3946lighttpd - several vulnerabilities
from 0, < 1.4.16-1
—CVE-2007-1869lighttpd - denial of service
from 0, < 1.4.15-1
—CVE-2007-1869lighttpd - denial of service
from 0, < 1.4.13-4etch1
—CVE-2007-1870lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a N…
from 0, < 1.4.15-1
—CVE-2016-1000212lighttpd - security update
from 0, < 1.4.31-4+deb7u5
—CVE-2016-1000212lighttpd - security update
from 0, < 1.4.43-1
—CVE-2016-1000212lighttpd - security update
from 0, < 1.4.35-4+deb8u1