This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:lighttpd:lighttpd

Detail
Vendor: Lighttpd
Product: Lighttpd
Version:
Type: Application
Edition:
Language:
Update:
First view: 2005-02-16
Last view: 2014-03-14

Activity : Overall

COMMON PLATFORM ENUMERATION : Repartition per Version

CPE Name | Affected CVE
cpe:/a:lighttpd:lighttpd:1.5.0 | 2
cpe:/a:lighttpd:lighttpd:1.4.9 | 12
cpe:/a:lighttpd:lighttpd:1.4.8 | 12
cpe:/a:lighttpd:lighttpd:1.4.7 | 12
cpe:/a:lighttpd:lighttpd:1.4.6 | 11
cpe:/a:lighttpd:lighttpd:1.4.5 | 11
cpe:/a:lighttpd:lighttpd:1.4.4 | 11
cpe:/a:lighttpd:lighttpd:1.4.34 | 2
cpe:/a:lighttpd:lighttpd:1.4.33 | 3
cpe:/a:lighttpd:lighttpd:1.4.32 | 6
cpe:/a:lighttpd:lighttpd:1.4.31 | 6
cpe:/a:lighttpd:lighttpd:1.4.30 | 5
cpe:/a:lighttpd:lighttpd:1.4.3 | 11
cpe:/a:lighttpd:lighttpd:1.4.29 | 5
cpe:/a:lighttpd:lighttpd:1.4.28 | 5
cpe:/a:lighttpd:lighttpd:1.4.27 | 6
cpe:/a:lighttpd:lighttpd:1.4.26 | 6
cpe:/a:lighttpd:lighttpd:1.4.25 | 8
cpe:/a:lighttpd:lighttpd:1.4.24 | 8
cpe:/a:lighttpd:lighttpd:1.4.23 | 7
cpe:/a:lighttpd:lighttpd:1.4.22 | 7
cpe:/a:lighttpd:lighttpd:1.4.21 | 7
cpe:/a:lighttpd:lighttpd:1.4.20 | 7
cpe:/a:lighttpd:lighttpd:1.4.2 | 6
cpe:/a:lighttpd:lighttpd:1.4.19 | 10
cpe:/a:lighttpd:lighttpd:1.4.18 | 12
cpe:/a:lighttpd:lighttpd:1.4.17 | 9
cpe:/a:lighttpd:lighttpd:1.4.16 | 10
cpe:/a:lighttpd:lighttpd:1.4.15 | 16
cpe:/a:lighttpd:lighttpd:1.4.14 | 9
cpe:/a:lighttpd:lighttpd:1.4.13 | 12
cpe:/a:lighttpd:lighttpd:1.4.12 | 12
cpe:/a:lighttpd:lighttpd:1.4.11 | 10
cpe:/a:lighttpd:lighttpd:1.4.10 | 12
cpe:/a:lighttpd:lighttpd:1.4.1 | 5
cpe:/a:lighttpd:lighttpd:1.4.0 | 7
cpe:/a:lighttpd:lighttpd:1.3.9 | 7
cpe:/a:lighttpd:lighttpd:1.3.8 | 7
cpe:/a:lighttpd:lighttpd:1.3.7 | 6
cpe:/a:lighttpd:lighttpd:1.3.6 | 7
cpe:/a:lighttpd:lighttpd:1.3.5 | 7
cpe:/a:lighttpd:lighttpd:1.3.4 | 7
cpe:/a:lighttpd:lighttpd:1.3.3 | 7
cpe:/a:lighttpd:lighttpd:1.3.2 | 7
cpe:/a:lighttpd:lighttpd:1.3.16 | 10
cpe:/a:lighttpd:lighttpd:1.3.15 | 7
cpe:/a:lighttpd:lighttpd:1.3.14 | 7
cpe:/a:lighttpd:lighttpd:1.3.13 | 7
cpe:/a:lighttpd:lighttpd:1.3.12 | 7
cpe:/a:lighttpd:lighttpd:1.3.11 | 7
cpe:/a:lighttpd:lighttpd:1.3.10 | 7
cpe:/a:lighttpd:lighttpd:1.3.1 | 7
cpe:/a:lighttpd:lighttpd:1.3.0 | 7
cpe:/a:lighttpd:lighttpd:1.2.8 | 6
cpe:/a:lighttpd:lighttpd:1.2.7 | 6
cpe:/a:lighttpd:lighttpd:1.2.6 | 6
cpe:/a:lighttpd:lighttpd:1.2.5 | 6
cpe:/a:lighttpd:lighttpd:1.2.4 | 4
cpe:/a:lighttpd:lighttpd:1.2.3 | 6
cpe:/a:lighttpd:lighttpd:1.2.2 | 6
cpe:/a:lighttpd:lighttpd:1.2.1 | 6
cpe:/a:lighttpd:lighttpd:1.2.0 | 5
cpe:/a:lighttpd:lighttpd:1.1.9 | 7
cpe:/a:lighttpd:lighttpd:1.1.8 | 7
cpe:/a:lighttpd:lighttpd:1.1.7 | 7
cpe:/a:lighttpd:lighttpd:1.1.6 | 7
cpe:/a:lighttpd:lighttpd:1.1.5 | 7
cpe:/a:lighttpd:lighttpd:1.1.4 | 7
cpe:/a:lighttpd:lighttpd:1.1.3 | 7
cpe:/a:lighttpd:lighttpd:1.1.2 | 7
cpe:/a:lighttpd:lighttpd:1.1.1 | 7
cpe:/a:lighttpd:lighttpd:1.1.0 | 6
cpe:/a:lighttpd:lighttpd:1.0.3 | 6
cpe:/a:lighttpd:lighttpd:1.0.2 | 6
cpe:/a:lighttpd:lighttpd | 2

Related : CVE

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
CVSS Score | Date | Alert | Access Vector | Access Complexity | Authentication
5 | 2014-03-14 | CVE-2014-2324 | Network | Low | None Requ...
7.5 | 2014-03-14 | CVE-2014-2323 | Network | Low | None Requ...
2.6 | 2013-11-20 | CVE-2013-4560 | Network | High | None Requ...
7.6 | 2013-11-20 | CVE-2013-4559 | Network | High | None Requ...
5.8 | 2013-11-07 | CVE-2013-4508 | Network | Medium | None Requ...
1.9 | 2013-03-21 | CVE-2013-1427 | Local | Medium | None Requ...
5 | 2012-11-24 | CVE-2012-5533 | Network | Low | None Requ...
5 | 2011-12-24 | CVE-2011-4362 | Network | Low | None Requ...
5 | 2010-02-03 | CVE-2010-0295 | Network | Low | None Requ...
7.8 | 2008-10-03 | CVE-2008-4360 | Network | Low | None Requ...
7.5 | 2008-10-03 | CVE-2008-4359 | Network | Low | None Requ...
5 | 2008-09-27 | CVE-2008-4298 | Network | Low | None Requ...
4.3 | 2008-03-27 | CVE-2008-1531 | Network | Medium | None Requ...
5 | 2008-03-10 | CVE-2008-1270 | Network | Low | None Requ...
5 | 2008-03-04 | CVE-2008-1111 | Network | Low | None Requ...
5 | 2008-02-26 | CVE-2008-0983 | Network | Low | None Requ...
6.8 | 2007-09-12 | CVE-2007-4727 | Network | Medium | None Requ...
4.3 | 2007-07-23 | CVE-2007-3950 | Network | Medium | None Requ...
8.3 | 2007-07-23 | CVE-2007-3949 | Network | Medium | None Requ...
4.3 | 2007-07-23 | CVE-2007-3948 | Network | Medium | None Requ...
5.8 | 2007-07-23 | CVE-2007-3947 | Network | Medium | None Requ...
6.4 | 2007-07-23 | CVE-2007-3946 | Network | Low | None Requ...
7.8 | 2007-04-17 | CVE-2007-1870 | Network | Low | None Requ...
5 | 2007-04-17 | CVE-2007-1869 | Network | Low | None Requ...

CWE : Common Weakness Enumeration

% | id | Name
33% (5) | CWE-399 | Resource Management Errors
26% (4) | CWE-200 | Information Exposure
6% (1) | CWE-310 | Cryptographic Issues
6% (1) | CWE-264 | Permissions, Privileges, and Access Controls
6% (1) | CWE-189 | Numeric Errors
6% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('...
6% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Oval Markup Language : Definitions

OvalID | Name
oval:org.mitre.oval:def:20327 | DSA-1303-1 lighttpd - denial of service
oval:org.mitre.oval:def:8187 | DSA-1609 lighttpd -- various
oval:org.mitre.oval:def:20065 | DSA-1609-1 lighttpd - multiple DOS issues
oval:org.mitre.oval:def:18620 | DSA-1362-1 lighttpd - several vulnerabilities
oval:org.mitre.oval:def:7977 | DSA-1513 lighttpd -- information disclosure
oval:org.mitre.oval:def:20397 | DSA-1513-1 lighttpd - information disclosure
oval:org.mitre.oval:def:7897 | DSA-1521 lighttpd -- file disclosure
oval:org.mitre.oval:def:20349 | DSA-1521-1 lighttpd - arbitrary file disclosure
oval:org.mitre.oval:def:7944 | DSA-1540 lighttpd -- denial of service
oval:org.mitre.oval:def:19996 | DSA-1540-1 lighttpd
oval:org.mitre.oval:def:8191 | DSA-1645 lighttpd -- various
oval:org.mitre.oval:def:20257 | DSA-1645-1 lighttpd - various problems
oval:org.mitre.oval:def:7142 | DSA-1987 lighttpd -- denial of service
oval:org.mitre.oval:def:13441 | DSA-1987-1 lighttpd -- denial of service
oval:org.mitre.oval:def:18507 | DSA-2649-1 lighttpd - fixed socket name in world-writable directory
oval:org.mitre.oval:def:20141 | DSA-2795-1 lighttpd - several
oval:org.mitre.oval:def:24354 | DSA-2877-1 lighttpd - security update

Open Source Vulnerability Database (OSVDB)

id | Description
77366 | lighttpd src/http_auth.c base64_decode() Function Base64 Data Parsing Out-of-...
62068 | lighttpd HTTP Session Memory Exhaustion Remote DoS
48889 | lighttpd mod_userdir Filename Component Case Mismatch Remote Access Restricti...
48886 | lighttpd url.redirect / url.rewrite URL Decoding Remote Security Bypass
48682 | lighttpd request.c http_request_parse Function Memory Leak Remote DoS
43788 | lighttpd Cross-user Forced SSL Session Termination DoS
43170 | lighttpd mod_userdir userdir.path Information Disclosure
43169 | lighttpd mod_cgi Fork Failure CGI Source Disclosure
42363 | lighttpd File Descriptor Array Connection Saturation Remote DoS
38317 | lighttpd mod_auth (http_auth.c) Malformed Auth-Digest Header Remote DoS
38316 | lighttpd mod_auth (http_auth.c) base64_decode Handling Remote DoS
38315 | lighttpd mod_auth (http_auth.c) Malformed md5-sess Remote DoS
38314 | lighttpd mod_auth (http_auth.c) Unspecified Memory Leak DoS
38313 | lighttpd request.c Malformed HTTP Request Remote DoS
38312 | lighttpd connections.c Connection Saturation Remote DoS
38311 | lighttpd mod_access.c Crafted URL url.access-deny Bypass
38310 | lighttpd mod_webdav Debug Message Format Specifier Unspecified DoS
38309 | lighttpd mod_fastcgi Debug Message Format Specifier Unspecified DoS
38308 | lighttpd mod_scgi Debug Message Format Specifier Unspecified DoS
36933 | lighttpd mod_fastcgi HTTP Request Header Overflow
34176 | lighttpd 0 mtime Null Pointer DoS
34175 | lighttpd CRLF Processing DoS
23542 | lighttpd on Windows Crafted Filename Request Script Source Disclosure
23229 | lighttpd Unexpected Capitalization File Extension Request Source Disclosure
13844 | lighttpd Null Byte Request CGI Script Source Code Disclosure

ExploitDB Exploits

id | Description
22902 | lighttpd 1.4.31 Denial of Service PoC
18295 | lighttpd Denial of Service Vulnerability PoC

OpenVAS Exploits

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id | Description
2012-11-26 | Name : FreeBSD Ports: lighttpd
File : nvt/freebsd_lighttpd8.nasl
2012-11-23 | Name : Lighttpd Connection header Denial of Service Vulnerability
File : nvt/gb_lighttpd_connection_hdr_dos_vuln.nasl
2012-08-30 | Name : Fedora Update for lighttpd FEDORA-2012-9040
File : nvt/gb_fedora_2012_9040_lighttpd_fc17.nasl
2012-06-28 | Name : Fedora Update for lighttpd FEDORA-2012-9078
File : nvt/gb_fedora_2012_9078_lighttpd_fc16.nasl
2012-02-11 | Name : Debian Security Advisory DSA 2368-1 (lighttpd)
File : nvt/deb_2368_1.nasl
2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-17 (lighttpd)
File : nvt/glsa_201006_17.nasl
2010-05-17 | Name : Fedora Update for lighttpd FEDORA-2010-7636
File : nvt/gb_fedora_2010_7636_lighttpd_fc11.nasl
2010-05-17 | Name : Fedora Update for lighttpd FEDORA-2010-7643
File : nvt/gb_fedora_2010_7643_lighttpd_fc12.nasl
2010-02-18 | Name : FreeBSD Ports: lighttpd
File : nvt/freebsd_lighttpd6.nasl
2010-02-10 | Name : Debian Security Advisory DSA 1987-1 (lighttpd)
File : nvt/deb_1987_1.nasl
2010-02-02 | Name : lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
File : nvt/lighttpd_38036.nasl
2010-01-14 | Name : Lighttpd 'mod_userdir' Case Sensitive Comparison Security Bypass Vulnerability
File : nvt/lighttpd_31600.nasl
2009-02-27 | Name : Fedora Update for lighttpd FEDORA-2007-2132
File : nvt/gb_fedora_2007_2132_lighttpd_fc7.nasl
2009-02-17 | Name : Fedora Update for lighttpd FEDORA-2008-3343
File : nvt/gb_fedora_2008_3343_lighttpd_fc7.nasl
2009-02-17 | Name : Fedora Update for lighttpd FEDORA-2008-3376
File : nvt/gb_fedora_2008_3376_lighttpd_fc8.nasl
2009-02-17 | Name : Fedora Update for lighttpd FEDORA-2008-4119
File : nvt/gb_fedora_2008_4119_lighttpd_fc9.nasl
2009-02-16 | Name : Fedora Update for lighttpd FEDORA-2008-2262
File : nvt/gb_fedora_2008_2262_lighttpd_fc7.nasl
2009-02-16 | Name : Fedora Update for lighttpd FEDORA-2008-2278
File : nvt/gb_fedora_2008_2278_lighttpd_fc8.nasl
2009-02-13 | Name : Fedora Core 9 FEDORA-2008-11923 (lighttpd)
File : nvt/fcore_2008_11923.nasl
2008-12-03 | Name : Gentoo Security Advisory GLSA 200812-04 (lighttpd)
File : nvt/glsa_200812_04.nasl
2008-10-03 | Name : FreeBSD Ports: lighttpd
File : nvt/freebsd_lighttpd5.nasl
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-21 (lighttpd)
File : nvt/glsa_200502_21.nasl
2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-10 (lighttpd)
File : nvt/glsa_200803_10.nasl
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-08 (lighttpd)
File : nvt/glsa_200804_08.nasl
2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-07 (lighttpd)
File : nvt/glsa_200705_07.nasl

Snort® IPS/IDS

Date | Description
2014-01-10 | lighthttpd connection header denial of service attempt
RuleID : 24805 - Type : SERVER-OTHER - Revision : 2
2014-01-10 | Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt
RuleID : 17386 - Type : SERVER-WEBAPP - Revision : 8

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id | Description
2014-10-11 | Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-346.nasl - Type : ACT_GATHER_INFO
2014-06-16 | Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-10.nasl - Type : ACT_GATHER_INFO
2014-06-13 | Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-257.nasl - Type : ACT_GATHER_INFO
2014-06-13 | Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-110.nasl - Type : ACT_GATHER_INFO
2014-06-13 | Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-801.nasl - Type : ACT_GATHER_INFO
2014-06-13 | Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-43.nasl - Type : ACT_GATHER_INFO
2014-06-13 | Name : The remote openSUSE host is missing a security update.
File : suse_11_4_lighttpd-120130.nasl - Type : ACT_GATHER_INFO
2014-03-26 | Name : The remote Fedora host is missing a security update.
File : fedora_2014-3887.nasl - Type : ACT_GATHER_INFO
2014-03-26 | Name : The remote Fedora host is missing a security update.
File : fedora_2014-3947.nasl - Type : ACT_GATHER_INFO
2014-03-20 | Name : The version of lighttpd running on the remote web server is potentially affec...
File : lighttpd_1_4_35.nasl - Type : ACT_GATHER_INFO
2014-03-14 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2877.nasl - Type : ACT_GATHER_INFO
2014-03-12 | Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-299.nasl - Type : ACT_GATHER_INFO
2014-03-05 | Name : The version of lighttpd running on the remote web server is potentially affec...
File : lighttpd_1_4_34.nasl - Type : ACT_GATHER_INFO
2014-02-24 | Name : The remote Fedora host is missing a security update.
File : fedora_2014-2495.nasl - Type : ACT_GATHER_INFO
2014-02-24 | Name : The remote Fedora host is missing a security update.
File : fedora_2014-2506.nasl - Type : ACT_GATHER_INFO
2014-02-14 | Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_90b27045953011e39d09000c2980a9f3.nasl - Type : ACT_GATHER_INFO
2013-11-22 | Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-277.nasl - Type : ACT_GATHER_INFO
2013-11-21 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2795.nasl - Type : ACT_GATHER_INFO
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-107.nasl - Type : ACT_GATHER_INFO
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-179.nasl - Type : ACT_GATHER_INFO
2013-09-04 | Name : The remote Fedora host is missing a security update.
File : fedora_2013-15344.nasl - Type : ACT_GATHER_INFO
2013-09-04 | Name : The remote Fedora host is missing a security update.
File : fedora_2013-15345.nasl - Type : ACT_GATHER_INFO
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-100.nasl - Type : ACT_GATHER_INFO
2013-03-17 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2649.nasl - Type : ACT_GATHER_INFO
2012-11-29 | Name : The remote web server is potentially affected by a denial of service vulnerab...
File : lighttpd_1_4_32.nasl - Type : ACT_GATHER_INFO