 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.1.1.2008.1645 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-1645-1) |
| Summary: | The remote host is missing an update for the Debian 'lighttpd' package(s) announced via the DSA-1645-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'lighttpd' package(s) announced via the DSA-1645-1 advisory. Vulnerability Insight: Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4298 A memory leak in the http_request_parse function could be used by remote attackers to cause lighttpd to consume memory, and cause a denial of service attack. CVE-2008-4359 Inconsistant handling of URL patterns could lead to the disclosure of resources a server administrator did not anticipate when using rewritten URLs. CVE-2008-4360 Upon filesystems which don't handle case-insensitive paths differently it might be possible that unanticipated resources could be made available by mod_userdir. For the stable distribution (etch), these problems have been fixed in version 1.4.13-4etch11. For the unstable distribution (sid), these problems will be fixed shortly. We recommend that you upgrade your lighttpd package. Affected Software/OS: 'lighttpd' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-4298 BugTraq ID: 31434 http://www.securityfocus.com/bid/31434 Bugtraq: 20081030 rPSA-2008-0309-1 lighttpd (Google Search) http://www.securityfocus.com/archive/1/497932/100/0/threaded Debian Security Information: DSA-1645 (Google Search) http://www.debian.org/security/2008/dsa-1645 http://security.gentoo.org/glsa/glsa-200812-04.xml http://www.openwall.com/lists/oss-security/2008/09/26/5 http://secunia.com/advisories/32069 http://secunia.com/advisories/32132 http://secunia.com/advisories/32480 http://secunia.com/advisories/32834 http://secunia.com/advisories/32972 SuSE Security Announcement: SUSE-SR:2008:026 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://www.vupen.com/english/advisories/2008/2741 XForce ISS Database: lighttpd-httprequestparse-dos(45471) https://exchange.xforce.ibmcloud.com/vulnerabilities/45471 Common Vulnerability Exposure (CVE) ID: CVE-2008-4359 BugTraq ID: 31599 http://www.securityfocus.com/bid/31599 http://openwall.com/lists/oss-security/2008/09/30/1 http://openwall.com/lists/oss-security/2008/09/30/2 http://openwall.com/lists/oss-security/2008/09/30/3 XForce ISS Database: lighttpd-urlredirect-rewrite-info-disclosure(45690) https://exchange.xforce.ibmcloud.com/vulnerabilities/45690 Common Vulnerability Exposure (CVE) ID: CVE-2008-4360 BugTraq ID: 31600 http://www.securityfocus.com/bid/31600 XForce ISS Database: lighttpd-moduserdir-info-disclosure(45689) https://exchange.xforce.ibmcloud.com/vulnerabilities/45689 |
| Copyright | Copyright (C) 2023 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |