Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

lighttpd < 1.4.35 Multiple Vulnerabilities

Medium

Synopsis

The remote server is running a version of lighttpd that is unpatched for multiple vulnerabilities.

Description

Versions older than 1.4.35 are vulnerable to the following issues:

- Insufficient user input sanitation on the hostname in the 'mod_mysql_vhost' module could be leveraged for a SQL injection attack (CVE-2014-2323)

- Insufficient user input sanitation on the hostname in 'mod_evhost' and 'mod_simple_vhost' modules could be leveraged for directory traversal attacks (CVE-2014-2324)

Solution

Update lighttpd to version 1.4.35 or later.