Information on source package lighttpd

Available versions

ReleaseVersion
jessie (security)1.4.35-4+deb8u1
stretch1.4.45-1
buster1.4.49-1.1
sid1.4.49-1.1

Open issues

BugjessiestretchbustersidDescription
CVE-2015-3200vulnerable (no DSA)fixedfixedfixedmod_auth in lighttpd before 1.4.36 allows remote attackers to inject ...

Resolved issues

BugDescription
TEMP-0000000-589A35"slowloris" denial-of-service vulnerabilty in webservers
TEMP-0000000-37DBC3use after free / double free
CVE-2016-1000212Mitigation for HTTPoxy vulnerability
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...
CVE-2014-2469Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows ...
CVE-2014-2324Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) ...
CVE-2014-2323SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before ...
CVE-2013-4560Use-after-free vulnerability in lighttpd before 1.4.33 allows remote ...
CVE-2013-4559lighttpd before 1.4.33 does not check the return value of the (1) ...
CVE-2013-4508lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ...
CVE-2013-1427The configuration file for the FastCGI PHP support for lighttpd before ...
CVE-2012-5533The http_request_split_value function in request.c in lighttpd before ...
CVE-2012-4929The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google ...
CVE-2011-4362Integer signedness error in the base64_decode function in the HTTP ...
CVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft ...
CVE-2010-0295lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read ...
CVE-2009-3555The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...
CVE-2008-4360mod_userdir in lighttpd before 1.4.20, when a case-insensitive ...
CVE-2008-4359lighttpd before 1.4.20 compares URIs to patterns in the (1) ...
CVE-2008-4298Memory leak in the http_request_parse function in request.c in ...
CVE-2008-1531The connection_state_machine function (connections.c) in lighttpd ...
CVE-2008-1270mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not ...
CVE-2008-1111mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts ...
CVE-2008-0983lighttpd 1.4.18, and possibly other versions before 1.5.0, does not ...
CVE-2007-4727Buffer overflow in the fcgi_env_add function in ...
CVE-2007-3950lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ...
CVE-2007-3949mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters ...
CVE-2007-3948connections.c in lighttpd before 1.4.16 might accept more connections ...
CVE-2007-3947request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...
CVE-2007-3946mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote ...
CVE-2007-2841lighttpd DoS
CVE-2007-1870lighttpd before 1.4.14 allows attackers to cause a denial of service ...
CVE-2007-1869lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial ...

Security announcements

DSA / DLADescription
DSA-3642-1lighttpd - security update
DLA-583-1lighttpd - security update
DSA-3489-1lighttpd - security update
DLA-282-1lighttpd - security update
DSA-2877-1lighttpd - security update
DSA-2877-1lighttpd - security update
DSA-2795-1lighttpd - several
DSA-2795-1lighttpd - several
DSA-2649-1lighttpd - fixed socket name in world-writable directory
DSA-2626-1lighttpd - several issues
DSA-2368-1lighttpd - several
DSA-2368-1lighttpd - several
DSA-1987-1lighttpd - denial of service
DSA-1987-1lighttpd - denial of service
DSA-1645-1lighttpd - various problems
DSA-1609-1lighttpd - multiple DOS issues
DSA-1540-1lighttpd
DSA-1521-1lighttpd - arbitrary file disclosure
DSA-1513-1lighttpd - information disclosure
DSA-1362-1lighttpd - several vulnerabilities
DSA-1303-1lighttpd - denial of service

Search for package or bug name: Reporting problems