CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2324

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.699

EPSS Ranking 98.6%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2014-2324

Lighttpd » Lighttpd » Version: 1.3.11

cpe:2.3:a:lighttpd:lighttpd:1.3.11
Lighttpd » Lighttpd » Version: 1.3.12

cpe:2.3:a:lighttpd:lighttpd:1.3.12
Lighttpd » Lighttpd » Version: 1.3.13

cpe:2.3:a:lighttpd:lighttpd:1.3.13
Lighttpd » Lighttpd » Version: 1.3.14

cpe:2.3:a:lighttpd:lighttpd:1.3.14
Lighttpd » Lighttpd » Version: 1.3.15

cpe:2.3:a:lighttpd:lighttpd:1.3.15
Lighttpd » Lighttpd » Version: 1.3.16

cpe:2.3:a:lighttpd:lighttpd:1.3.16
Lighttpd » Lighttpd » Version: 1.4.1

cpe:2.3:a:lighttpd:lighttpd:1.4.1
Lighttpd » Lighttpd » Version: 1.4.10

cpe:2.3:a:lighttpd:lighttpd:1.4.10
Lighttpd » Lighttpd » Version: 1.4.11

cpe:2.3:a:lighttpd:lighttpd:1.4.11
Lighttpd » Lighttpd » Version: 1.4.12

cpe:2.3:a:lighttpd:lighttpd:1.4.12
Lighttpd » Lighttpd » Version: 1.4.13

cpe:2.3:a:lighttpd:lighttpd:1.4.13
Lighttpd » Lighttpd » Version: 1.4.14

cpe:2.3:a:lighttpd:lighttpd:1.4.14
Lighttpd » Lighttpd » Version: 1.4.15

cpe:2.3:a:lighttpd:lighttpd:1.4.15
Lighttpd » Lighttpd » Version: 1.4.16

cpe:2.3:a:lighttpd:lighttpd:1.4.16
Lighttpd » Lighttpd » Version: 1.4.17

cpe:2.3:a:lighttpd:lighttpd:1.4.17
Lighttpd » Lighttpd » Version: 1.4.18

cpe:2.3:a:lighttpd:lighttpd:1.4.18
Lighttpd » Lighttpd » Version: 1.4.19

cpe:2.3:a:lighttpd:lighttpd:1.4.19
Lighttpd » Lighttpd » Version: 1.4.2

cpe:2.3:a:lighttpd:lighttpd:1.4.2
Lighttpd » Lighttpd » Version: 1.4.20

cpe:2.3:a:lighttpd:lighttpd:1.4.20
Lighttpd » Lighttpd » Version: 1.4.21

cpe:2.3:a:lighttpd:lighttpd:1.4.21
Lighttpd » Lighttpd » Version: 1.4.22

cpe:2.3:a:lighttpd:lighttpd:1.4.22
Lighttpd » Lighttpd » Version: 1.4.23

cpe:2.3:a:lighttpd:lighttpd:1.4.23
Lighttpd » Lighttpd » Version: 1.4.24

cpe:2.3:a:lighttpd:lighttpd:1.4.24
Lighttpd » Lighttpd » Version: 1.4.25

cpe:2.3:a:lighttpd:lighttpd:1.4.25
Lighttpd » Lighttpd » Version: 1.4.26

cpe:2.3:a:lighttpd:lighttpd:1.4.26
Lighttpd » Lighttpd » Version: 1.4.27

cpe:2.3:a:lighttpd:lighttpd:1.4.27
Lighttpd » Lighttpd » Version: 1.4.28

cpe:2.3:a:lighttpd:lighttpd:1.4.28
Lighttpd » Lighttpd » Version: 1.4.29

cpe:2.3:a:lighttpd:lighttpd:1.4.29
Lighttpd » Lighttpd » Version: 1.4.3

cpe:2.3:a:lighttpd:lighttpd:1.4.3
Lighttpd » Lighttpd » Version: 1.4.30

cpe:2.3:a:lighttpd:lighttpd:1.4.30
Lighttpd » Lighttpd » Version: 1.4.31

cpe:2.3:a:lighttpd:lighttpd:1.4.31
Lighttpd » Lighttpd » Version: 1.4.32

cpe:2.3:a:lighttpd:lighttpd:1.4.32
Lighttpd » Lighttpd » Version: 1.4.33

cpe:2.3:a:lighttpd:lighttpd:1.4.33
Lighttpd » Lighttpd » Version: 1.4.34

cpe:2.3:a:lighttpd:lighttpd:1.4.34
Lighttpd » Lighttpd » Version: 1.4.4

cpe:2.3:a:lighttpd:lighttpd:1.4.4
Lighttpd » Lighttpd » Version: 1.4.5

cpe:2.3:a:lighttpd:lighttpd:1.4.5
Lighttpd » Lighttpd » Version: 1.4.6

cpe:2.3:a:lighttpd:lighttpd:1.4.6
Lighttpd » Lighttpd » Version: 1.4.7

cpe:2.3:a:lighttpd:lighttpd:1.4.7
Lighttpd » Lighttpd » Version: 1.4.8

cpe:2.3:a:lighttpd:lighttpd:1.4.8
Lighttpd » Lighttpd » Version: 1.4.9

cpe:2.3:a:lighttpd:lighttpd:1.4.9
Contec » Sv-Cpt-Mc310 » Version: N/A

cpe:2.3:h:contec:sv-cpt-mc310:-
Contec » Sv-Cpt-Mc310 Firmware » Version: N/A

cpe:2.3:o:contec:sv-cpt-mc310_firmware:-
Contec » Sv-Cpt-Mc310 Firmware » Version: 6.0

cpe:2.3:o:contec:sv-cpt-mc310_firmware:6.0
Contec » Sv-Cpt-Mc310 Firmware » Version: 6.00

cpe:2.3:o:contec:sv-cpt-mc310_firmware:6.00
Debian » Debian Linux » Version: 6.0

cpe:2.3:o:debian:debian_linux:6.0
Debian » Debian Linux » Version: 7.0

cpe:2.3:o:debian:debian_linux:7.0
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0
Opensuse » Opensuse » Version: 11.4

cpe:2.3:o:opensuse:opensuse:11.4
Opensuse » Opensuse » Version: 12.3

cpe:2.3:o:opensuse:opensuse:12.3
Opensuse » Opensuse » Version: 13.1

cpe:2.3:o:opensuse:opensuse:13.1
Suse » Linux Enterprise High Availability Extension » Version: 11

cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11
Suse » Linux Enterprise Software Development Kit » Version: 11

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2324

Products

Pricing

Contact Us