Lighttpd: >> Lighttpd >> 1.4.10 Security Vulnerabilities
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.
CVSS Score
8.3
EPSS Score
0.006
Published
2007-07-24
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules.
CVSS Score
4.3
EPSS Score
0.018
Published
2007-07-24
lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.
CVSS Score
7.8
EPSS Score
0.017
Published
2007-04-18
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
CVSS Score
5.0
EPSS Score
0.025
Published
2006-03-06
Page 3