 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.58581 |
| Category: | Debian Local Security Checks |
| Title: | Debian Security Advisory DSA 1362-1 (lighttpd) |
| Summary: | The remote host is missing an update to lighttpd announced via advisory DSA 1362-1.;; This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-1362)' (OID: 1.3.6.1.4.1.25623.1.0.58644). |
| Description: | Summary: The remote host is missing an update to lighttpd announced via advisory DSA 1362-1. This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-1362)' (OID: 1.3.6.1.4.1.25623.1.0.58644). Vulnerability Insight: Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3946 The use of mod_auth could leave to a denial of service attack crashing the webserver CVE-2007-3947 The improper handling of repeated HTTP headers could cause a denial of serve attack crashing the webserver. CVE-2007-3949 A bug in mod_access potentially allows remote users to bypass access restrictions via trailing slash characters. CVE-2007-3950 On 32-bit platforms users may be able to create denial of service attacks, crashing the webserver, via mod_webdav, mod_fastcgi, or mod_scgi. For the stable distribution (etch), these problems have been fixed in version 1.4.13-4etch3. For the unstable distribution (sid), these problems have been fixed in version 1.4.16-1. Solution: We recommend that you upgrade your lighttpd package. CVSS Score: 8.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-3946 BugTraq ID: 24967 http://www.securityfocus.com/bid/24967 Bugtraq: 20070719 rPSA-2007-0145-1 lighttpd (Google Search) http://www.securityfocus.com/archive/1/474131/100/0/threaded Debian Security Information: DSA-1362 (Google Search) http://www.debian.org/security/2007/dsa-1362 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/changeset/1875 http://osvdb.org/38314 http://osvdb.org/38315 http://osvdb.org/38316 http://osvdb.org/38317 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593 SuSE Security Announcement: SUSE-SR:2007:015 (Google Search) http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.vupen.com/english/advisories/2007/2585 Common Vulnerability Exposure (CVE) ID: CVE-2007-3947 http://trac.lighttpd.net/trac/changeset/1869 http://osvdb.org/38313 Common Vulnerability Exposure (CVE) ID: CVE-2007-3949 http://trac.lighttpd.net/trac/changeset/1871 http://osvdb.org/38311 Common Vulnerability Exposure (CVE) ID: CVE-2007-3950 http://trac.lighttpd.net/trac/changeset/1882 http://securityreason.com/securityalert/2909 |
| Copyright | Copyright (C) 2008 E-Soft Inc. |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |