FreeBSD : lighttpd - multiple vulnerabilities (ef0033ad-5823-11e6-80cc-001517f335e2)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Lighttpd Project reports :

Security fixes for Lighttpd :

- security: encode quoting chars in HTML and XML

- security: ensure gid != 0 if server.username is set, but not server.groupname

- security: disable stat_cache if server.follow-symlink = 'disable'

- security: httpoxy defense: do not emit HTTP_PROXY to CGI env

See also :

http://www.lighttpd.net/2016/7/31/1.4.41/
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211495
http://www.nessus.org/u?93a10eee

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92713

Bugtraq ID:

CVE ID:
