Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 30 of 35 results


CVE-2008-4360

Low priority

Some fixes available 1 of 4

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to...

1 affected packages

lighttpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lighttpd
Show less packages

CVE-2008-4359

Low priority
Ignored

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and...

1 affected packages

lighttpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lighttpd
Show less packages

CVE-2008-4298

Low priority

Some fixes available 1 of 5

Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.

1 affected packages

lighttpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lighttpd
Show less packages

CVE-2008-1531

Medium priority

Some fixes available 7 of 8

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as...

1 affected packages

lighttpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lighttpd
Show less packages

CVE-2008-1270

Low priority
Fixed

mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.

1 affected packages

lighttpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lighttpd
Show less packages

CVE-2008-1111

Low priority
Fixed

mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.

1 affected packages

lighttpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lighttpd
Show less packages

CVE-2008-0983

Low priority
Fixed

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections,...

1 affected packages

lighttpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lighttpd
Show less packages

CVE-2007-4727

Unknown priority
Fixed

Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP...

1 affected packages

lighttpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lighttpd
Show less packages

CVE-2007-3950

Unknown priority
Fixed

lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the...

1 affected packages

lighttpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lighttpd
Show less packages

CVE-2007-3949

Unknown priority
Fixed

mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.

1 affected packages

lighttpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lighttpd
Show less packages