This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.
The remote Debian host is missing a security-related update.
Several vulnerabilities were discovered in lighttpd, a fast webserver
with minimal memory footprint, which could allow the execution of
arbitrary code via the overflow of CGI variables when mod_fcgi was
enabled. The Common Vulnerabilities and Exposures project identifies
the following problems :
  - The use of mod_auth could lead to a denial of service
    attack crashing the webserver.

  - The improper handling of repeated HTTP headers could
    cause a denial of service attack crashing the webserver.

  - A bug in mod_access potentially allows remote users to
    bypass access restrictions via trailing slash.

  - On 32-bit platforms, users may be able to create denial
    of service attacks, crashing the webserver, via
    mod_webdav, mod_fastcgi, or mod_scgi.
See also :
Upgrade the lighttpd package.
For the stable distribution (etch), these problems have been fixed in
Risk factor : High / CVSS Base Score : 8.3
Public Exploit Available : true