Detections
Analytics
FreeBSD : lighttpd - multiple vulnerabilities (ef0033ad-5823-11e6-80cc-001517f335e2)
high Nessus Plugin ID 92713
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
Lighttpd Project reports :Security fixes for Lighttpd :
- security: encode quoting chars in HTML and XML
- security: ensure gid != 0 if server.username is set, but not server.groupname
- security: disable stat_cache if server.follow-symlink = 'disable'
- security: httpoxy defense: do not emit HTTP_PROXY to CGI env
Solution
Update the affected package.See Also
http://www.lighttpd.net/2016/7/31/1.4.41/
Plugin Details
Severity: High
ID: 92713
File Name: freebsd_pkg_ef0033ad582311e680cc001517f335e2.nasl
Version: 2.3
Type: local
Family: FreeBSD Local Security Checks
Published: 8/4/2016
Updated: 1/4/2021
Supported Sensors: Nessus
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:lighttpd, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 8/3/2016
Vulnerability Publication Date: 7/31/2016