Information on source package lighttpd

Available versions

ReleaseVersion
jessie (security)1.4.35-4+deb8u1
stretch1.4.45-1
buster1.4.53-4
sid1.4.53-4

Open issues

BugjessiestretchbustersidDescription
CVE-2018-19052vulnerable (no DSA)vulnerable (no DSA)fixedfixedAn issue was discovered in mod_alias_physical_handler in mod_alias.c i ...
CVE-2015-3200vulnerable (no DSA)fixedfixedfixedmod_auth in lighttpd before 1.4.36 allows remote attackers to inject a ...

Resolved issues

BugDescription
TEMP-0000000-589A35"slowloris" denial-of-service vulnerabilty in webservers
TEMP-0000000-37DBC3use after free / double free
CVE-2019-11072** DISPUTED ** lighttpd before 1.4.54 has a signed integer overflow, w ...
CVE-2016-1000212Mitigation for HTTPoxy vulnerability
CVE-2014-3566The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...
CVE-2014-2469Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows at ...
CVE-2014-2324Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) ...
CVE-2014-2323SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1. ...
CVE-2013-4560Use-after-free vulnerability in lighttpd before 1.4.33 allows remote a ...
CVE-2013-4559lighttpd before 1.4.33 does not check the return value of the (1) setu ...
CVE-2013-4508lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphe ...
CVE-2013-1427The configuration file for the FastCGI PHP support for lighttpd before ...
CVE-2012-5533The http_request_split_value function in request.c in lighttpd before ...
CVE-2012-4929The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google C ...
CVE-2011-4362Integer signedness error in the base64_decode function in the HTTP aut ...
CVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft Windo ...
CVE-2010-0295lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read op ...
CVE-2009-3555The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as us ...
CVE-2008-4360mod_userdir in lighttpd before 1.4.20, when a case-insensitive operati ...
CVE-2008-4359lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redire ...
CVE-2008-4298Memory leak in the http_request_parse function in request.c in lighttp ...
CVE-2008-1531The connection_state_machine function (connections.c) in lighttpd 1.4. ...
CVE-2008-1270mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not s ...
CVE-2008-1111mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instea ...
CVE-2008-0983lighttpd 1.4.18, and possibly other versions before 1.5.0, does not pr ...
CVE-2007-4727Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fast ...
CVE-2007-3950lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ...
CVE-2007-3949mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters ...
CVE-2007-3948connections.c in lighttpd before 1.4.16 might accept more connections ...
CVE-2007-3947request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...
CVE-2007-3946mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attacke ...
CVE-2007-2841lighttpd DoS
CVE-2007-1870lighttpd before 1.4.14 allows attackers to cause a denial of service ( ...
CVE-2007-1869lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial o ...

Security announcements

DSA / DLADescription
DSA-3642-1lighttpd - security update
DLA-583-1lighttpd - security update
DSA-3489-1lighttpd - security update
DLA-282-1lighttpd - security update
DSA-2877-1lighttpd - security update
DSA-2877-1lighttpd - security update
DSA-2795-1lighttpd - several
DSA-2795-1lighttpd - several
DSA-2649-1lighttpd - fixed socket name in world-writable directory
DSA-2626-1lighttpd - several issues
DSA-2368-1lighttpd - several
DSA-2368-1lighttpd - several
DSA-1987-1lighttpd - denial of service
DSA-1987-1lighttpd - denial of service
DSA-1645-1lighttpd - various problems
DSA-1609-1lighttpd - multiple DOS issues
DSA-1540-1lighttpd
DSA-1521-1lighttpd - arbitrary file disclosure
DSA-1513-1lighttpd - information disclosure
DSA-1362-1lighttpd - several vulnerabilities
DSA-1303-1lighttpd - denial of service

Search for package or bug name: Reporting problems