- CVEs with nessus.description==Several vulnerabilities have been discovered in lighttpd, a small and
fast webserver with minimal memory footprint.
- CVE-2011-4362
Xi Wang discovered that the base64 decoding routine
which is used to decode user input during HTTP
authentication suffers from a signedness issue when
processing user input. As a result it is possible to
force lighttpd to perform an out-of-bounds read which
results in Denial of Service conditions.
- CVE-2011-3389
When using CBC ciphers on an SSL enabled virtual host to
communicate with certain clients, a so-called 'BEAST'
attack allows man-in-the-middle attackers to obtain
plaintext HTTP traffic via a blockwise chosen-boundary
attack (BCBA) on an HTTPS session. Technically this is
not a lighttpd vulnerability. However, lighttpd offers a
workaround to mitigate this problem by providing a
possibility to disable CBC ciphers.
This update includes this option by default. System administrators
are advised to read the NEWS file of this update (as this may break
older clients).
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |