Summary
This host is running Lighttpd and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary SQL commands and to read arbitrary files via the hostname.
Impact Level: System/Application
Solution
Upgrade to 1.4.35 or higher.
For updates, refer to http://www.lighttpd.net/download
Insight
- The mod_mysql_vhost module does not properly sanitize user-supplied input passed via the hostname.
- The mod_evhost and mod_simple_vhost modules do not properly sanitize user-supplied input passed via the hostname.
Affected
Lighttpd versions before 1.4.35
Detection
Send a crafted HTTP GET request and check whether the server responds with an error message.
References
Severity
Classification
- CVE: CVE-2014-2323, CVE-2014-2324
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities - March 2011
- IIS .IDA ISAPI filter applied
- nginx HTTP Request Remote Buffer Overflow Vulnerability
- PHP Built-in WebServer 'Content-Length' Denial of Service Vulnerability