This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote web server may be affected by several issues.
According to its banner, the version of lighttpd installed on the
remote host is older than 1.4.20. Such versions may be affected by
several issues, including :
- SSL connections could be shut down by a remote attacker.
- URL rewrite and redirect patterns can be circumvented by
- mod_userdir does not sanitize URLs, which could lead to
information disclosure on case-insensitive file systems,
e.g. http://example.com/~user/file.PHP would get the source
code of file.php, instead of running the script.
- The server leaks memory when it processes duplicate headers.
This could lead to a denial of service by resource exhaustion.
Update lighttpd to version 1.4.20 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true