
lighttpd < 1.4.35 Multiple Vulnerabilities

Medium

Synopsis

The remote server is running a version of lighttpd that is unpatched for multiple vulnerabilities.

Description

Versions older than 1.4.35 are vulnerable to the following issues:

- Insufficient sanitization of the user-supplied hostname in the 'mod_mysql_vhost' module could be leveraged for a SQL injection attack (CVE-2014-2323)

- Insufficient sanitization of the user-supplied hostname in the 'mod_evhost' and 'mod_simple_vhost' modules could be leveraged for directory traversal attacks (CVE-2014-2324)

Solution

Update lighttpd to version 1.4.35 or later.
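
To triage a host against this advisory, the following added example (not part of the original plugin text) compares a lighttpd version banner with 1.4.35 and reports which of the three affected modules are enabled in a configuration. The function names, status labels, and the sample banner and configuration are constructed for illustration.

```python
import re

FIXED = (1, 4, 35)  # first fixed release, per the advisory
# Modules named in the advisory, mapped to the CVE listed for each.
AFFECTED = {
    "mod_mysql_vhost": "CVE-2014-2323",
    "mod_evhost": "CVE-2014-2324",
    "mod_simple_vhost": "CVE-2014-2324",
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_BANNER = "lighttpd/1.4.33 (ssl) - a light and fast webserver"
SAMPLE_CONF = '''
server.modules = (
    "mod_access",
    "mod_evhost",
#   "mod_mysql_vhost",
)
server.modules += ( "mod_simple_vhost" )
'''

def parse_version(banner):
    """Return (major, minor, patch) from a lighttpd banner, or None."""
    m = re.search(r"lighttpd/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(p) for p in m.groups()) if m else None

def enabled_modules(conf_text):
    """Collect module names from server.modules lists, ignoring comments."""
    # Dropping everything after '#' is enough here: module names never contain '#'.
    text = "\n".join(line.split("#", 1)[0] for line in conf_text.splitlines())
    mods = set()
    for block in re.findall(r"server\.modules\s*\+?=\s*\((.*?)\)", text, re.S):
        mods.update(re.findall(r'"(mod_\w+)"', block))
    return mods

def assess(banner, conf_text):
    """Classify a host as patched, outdated, exposed, or unknown."""
    version = parse_version(banner)
    if version is None:
        return {"status": "unknown", "findings": []}
    if version >= FIXED:  # tuple compare, so 1.4.9 < 1.4.35
        return {"status": "patched", "findings": []}
    hits = sorted((m, AFFECTED[m]) for m in enabled_modules(conf_text) if m in AFFECTED)
    return {"status": "exposed" if hits else "outdated", "findings": hits}

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF))
```

The check does not follow `include` directives, so run it over every configuration file the server loads. A banner comparison can also misreport distribution packages that backport fixes without changing the version string.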