This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote web server may be affected by several issues.
According to its banner, the version of lighttpd installed on the
remote host is older than 1.4.20. Such versions may be affected by
several issues, including :
- SSL connections could be shut down by a remote attacker.
- URL rewrite and redirect patterns can be circumvented by
- mod_userdir does not sanitize URLs, which could lead to
information disclosure on case-insensitive file systems.
For example, http://example.com/~user/file.PHP would return
the source code of file.php instead of running the script.
- The server leaks memory when it processes duplicate headers.
This could lead to a denial of service by resource exhaustion.
See also :
Update lighttpd to version 1.4.20 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 34332 (lighttpd_1_4_20.nasl)
Bugtraq ID: 28489, 31434, 31599, 31600
CVE ID: CVE-2008-1531, CVE-2008-4298, CVE-2008-4359, CVE-2008-4360