FreeBSD : lighttpd -- multiple vulnerabilities (fc9c217e-3791-11dc-bb1a-000fea449b8a)

high Nessus Plugin ID 25788

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Secunia Advisory reports :

Some vulnerabilities have been reported in lighttpd, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).

Solution

Update the affected package.

See Also

http://trac.lighttpd.net/trac/ticket/1216

http://trac.lighttpd.net/trac/ticket/1232

http://trac.lighttpd.net/trac/ticket/1230

http://trac.lighttpd.net/trac/ticket/1263

http://www.nessus.org/u?ea2b217c

Plugin Details

Severity: High

ID: 25788

File Name: freebsd_pkg_fc9c217e379111dcbb1a000fea449b8a.nasl

Version: 1.14

Type: local

Published: 7/27/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 8.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:lighttpd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/21/2007

Vulnerability Publication Date: 7/20/2007

Reference Information

CVE: CVE-2007-3947, CVE-2007-3948, CVE-2007-3949, CVE-2007-3950