CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-4362

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.045

EPSS Ranking 88.5%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2011-4362

Lighttpd » Lighttpd » Version: 1.4.1

cpe:2.3:a:lighttpd:lighttpd:1.4.1
Lighttpd » Lighttpd » Version: 1.4.10

cpe:2.3:a:lighttpd:lighttpd:1.4.10
Lighttpd » Lighttpd » Version: 1.4.11

cpe:2.3:a:lighttpd:lighttpd:1.4.11
Lighttpd » Lighttpd » Version: 1.4.12

cpe:2.3:a:lighttpd:lighttpd:1.4.12
Lighttpd » Lighttpd » Version: 1.4.13

cpe:2.3:a:lighttpd:lighttpd:1.4.13
Lighttpd » Lighttpd » Version: 1.4.14

cpe:2.3:a:lighttpd:lighttpd:1.4.14
Lighttpd » Lighttpd » Version: 1.4.15

cpe:2.3:a:lighttpd:lighttpd:1.4.15
Lighttpd » Lighttpd » Version: 1.4.16

cpe:2.3:a:lighttpd:lighttpd:1.4.16
Lighttpd » Lighttpd » Version: 1.4.17

cpe:2.3:a:lighttpd:lighttpd:1.4.17
Lighttpd » Lighttpd » Version: 1.4.18

cpe:2.3:a:lighttpd:lighttpd:1.4.18
Lighttpd » Lighttpd » Version: 1.4.19

cpe:2.3:a:lighttpd:lighttpd:1.4.19
Lighttpd » Lighttpd » Version: 1.4.2

cpe:2.3:a:lighttpd:lighttpd:1.4.2
Lighttpd » Lighttpd » Version: 1.4.20

cpe:2.3:a:lighttpd:lighttpd:1.4.20
Lighttpd » Lighttpd » Version: 1.4.21

cpe:2.3:a:lighttpd:lighttpd:1.4.21
Lighttpd » Lighttpd » Version: 1.4.22

cpe:2.3:a:lighttpd:lighttpd:1.4.22
Lighttpd » Lighttpd » Version: 1.4.23

cpe:2.3:a:lighttpd:lighttpd:1.4.23
Lighttpd » Lighttpd » Version: 1.4.24

cpe:2.3:a:lighttpd:lighttpd:1.4.24
Lighttpd » Lighttpd » Version: 1.4.25

cpe:2.3:a:lighttpd:lighttpd:1.4.25
Lighttpd » Lighttpd » Version: 1.4.26

cpe:2.3:a:lighttpd:lighttpd:1.4.26
Lighttpd » Lighttpd » Version: 1.4.27

cpe:2.3:a:lighttpd:lighttpd:1.4.27
Lighttpd » Lighttpd » Version: 1.4.28

cpe:2.3:a:lighttpd:lighttpd:1.4.28
Lighttpd » Lighttpd » Version: 1.4.29

cpe:2.3:a:lighttpd:lighttpd:1.4.29
Lighttpd » Lighttpd » Version: 1.4.3

cpe:2.3:a:lighttpd:lighttpd:1.4.3
Lighttpd » Lighttpd » Version: 1.4.4

cpe:2.3:a:lighttpd:lighttpd:1.4.4
Lighttpd » Lighttpd » Version: 1.4.5

cpe:2.3:a:lighttpd:lighttpd:1.4.5
Lighttpd » Lighttpd » Version: 1.4.6

cpe:2.3:a:lighttpd:lighttpd:1.4.6
Lighttpd » Lighttpd » Version: 1.4.7

cpe:2.3:a:lighttpd:lighttpd:1.4.7
Lighttpd » Lighttpd » Version: 1.4.8

cpe:2.3:a:lighttpd:lighttpd:1.4.8
Lighttpd » Lighttpd » Version: 1.4.9

cpe:2.3:a:lighttpd:lighttpd:1.4.9
Lighttpd » Lighttpd » Version: 1.5.0

cpe:2.3:a:lighttpd:lighttpd:1.5.0
Debian » Debian Linux » Version: 5.0

cpe:2.3:o:debian:debian_linux:5.0
Debian » Debian Linux » Version: 6.0

cpe:2.3:o:debian:debian_linux:6.0
Debian » Debian Linux » Version: 7.0

cpe:2.3:o:debian:debian_linux:7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-4362

Products

Pricing

Contact Us