Lighttpd: >> Lighttpd >> 1.4.13 Security Vulnerabilities
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.
CVSS Score
8.3
EPSS Score
0.006
Published
2007-07-24
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules.
CVSS Score
4.3
EPSS Score
0.018
Published
2007-07-24
lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.
CVSS Score
5.0
EPSS Score
0.059
Published
2007-04-18
lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.
CVSS Score
7.8
EPSS Score
0.017
Published
2007-04-18
Page 3