Executive Summary

This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information

Name : CVE-2011-4362
Vendor : Cve
First vendor publication : 2011-12-24
Last vendor modification : 2018-11-29

Security-Database Scoring CVSS v3

CVSS vector : N/A
Overall CVSS score : NA
Base score : NA
Environmental score : NA
Impact sub score : NA
Temporal score : NA
Exploitability sub score : NA

Security-Database Scoring CVSS v2

CVSS vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS base score : 5
CVSS impact score : 2.9
CVSS exploit score : 10
Attack range : Network
Attack complexity : Low
Authentication : None required

Detail

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4362

CWE : Common Weakness Enumeration

% | Id | Name
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type | Count
Application | 70
Os | 3

ExploitDB Exploits

Date Description
2011-12-31 lighttpd Denial of Service Vulnerability PoC

OpenVAS Exploits

Date Description
2012-08-30 Name : Fedora Update for lighttpd FEDORA-2012-9040
File : nvt/gb_fedora_2012_9040_lighttpd_fc17.nasl
2012-06-28 Name : Fedora Update for lighttpd FEDORA-2012-9078
File : nvt/gb_fedora_2012_9078_lighttpd_fc16.nasl
2012-02-11 Name : Debian Security Advisory DSA 2368-1 (lighttpd)
File : nvt/deb_2368_1.nasl
0000-00-00 Name : FreeBSD Ports: lighttpd
File : nvt/freebsd_lighttpd7.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
77366 lighttpd src/http_auth.c base64_decode() Function Base64 Data Parsing Out-of-...

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_lighttpd_20120417.nasl - Type : ACT_GATHER_INFO
2014-06-16 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-10.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-110.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_lighttpd-120130.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-107.nasl - Type : ACT_GATHER_INFO
2012-06-26 Name : The remote Fedora host is missing a security update.
File : fedora_2012-9040.nasl - Type : ACT_GATHER_INFO
2012-06-26 Name : The remote Fedora host is missing a security update.
File : fedora_2012-9078.nasl - Type : ACT_GATHER_INFO
2012-01-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2368.nasl - Type : ACT_GATHER_INFO
2011-12-29 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_c6521b04314b11e19cf45404a67eef98.nasl - Type : ACT_GATHER_INFO
2011-12-28 Name : The remote web server is affected by a denial of service vulnerability.
File : lighttpd_1_4_30.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source URL
BUGTRAQ http://archives.neohapsis.com/archives/bugtraq/2011-12/0167.html
CONFIRM http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt
http://redmine.lighttpd.net/issues/2370
https://bugzilla.redhat.com/show_bug.cgi?id=758624
DEBIAN http://www.debian.org/security/2011/dsa-2368
EXPLOIT-DB http://www.exploit-db.com/exploits/18295
MISC http://blog.pi3.com.pl/?p=277
MLIST http://www.openwall.com/lists/oss-security/2011/11/29/13
http://www.openwall.com/lists/oss-security/2011/11/29/8
SECTRACK http://www.securitytracker.com/id?1026359
SECUNIA http://secunia.com/advisories/47260
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/71536

Alert History

Date Information
2020-05-23 01:47:32
  • Multiple Updates
2020-05-23 00:32:13
  • Multiple Updates
2019-01-04 12:04:06
  • Multiple Updates
2018-11-29 17:19:33
  • Multiple Updates
2017-08-29 09:23:36
  • Multiple Updates
2016-04-26 21:14:11
  • Multiple Updates
2015-01-21 13:25:02
  • Multiple Updates
2014-06-17 13:25:34
  • Multiple Updates
2014-06-14 13:31:57
  • Multiple Updates
2014-02-17 11:06:15
  • Multiple Updates
2013-05-10 23:10:39
  • Multiple Updates