lighttpd Input Validation Vulnerabilities

Last Update Date: 24 Mar 2014 14:42
Release Date: 24 Mar 2014

RISK: Medium Risk

TYPE: Servers - Web Servers

Two vulnerabilities have been identified in lighttpd. A remote user can inject SQL commands, which could allow the remote user to access files on the target system.

  • The software does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
  • A remote user can submit a specially crafted SQL command (via the above listed vulnerability) to view arbitrary files on the target system.

Impact

  • Information Disclosure

System / Technologies affected

  • lighttpd 1.4.34 and prior versions

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to fixed version.
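
To find hosts that still need the update, the following added example (not part of the original advisory or of lighttpd itself) classifies version banners against the affected range stated above. It assumes the banner has the form `lighttpd/X.Y.Z`, as printed by `lighttpd -v` or sent in a `Server:` header; the function names are hypothetical and the sample banners are constructed.

```shell
#!/bin/sh
# Added example: classify lighttpd banners against "1.4.34 and prior versions".

LAST_AFFECTED="1.4.34"   # last affected release, taken from the advisory

# Pull "X.Y.Z" out of a banner such as "lighttpd/1.4.34 (ssl) - ..." or
# "Server: lighttpd/1.4.33". Prints nothing when no version is exposed.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*lighttpd/\([0-9]\{1,\}\(\.[0-9]\{1,\}\)*\).*|\1|p'
}

# Succeed when dotted version $1 <= $2. Components are compared as numbers,
# so 1.4.9 sorts before 1.4.34 (a plain string comparison gets this wrong).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 0
    }'
}

# Print "AFFECTED <v>", "NOT_LISTED <v>" or "UNKNOWN" for one banner line.
classify_banner() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN"            # version hidden: verify on the host itself
    elif version_le "$v" "$LAST_AFFECTED"; then
        echo "AFFECTED $v"
    else
        echo "NOT_LISTED $v"
    fi
}

# Constructed sample banners (not taken from any real host).
while IFS= read -r banner; do
    printf '%-52s -> %s\n' "$banner" "$(classify_banner "$banner")"
done <<'EOF'
lighttpd/1.4.34 (ssl) - a light and fast webserver
Server: lighttpd/1.4.9
Server: lighttpd/1.4.35
Server: lighttpd
EOF
```

A distribution package that backports the fix can keep an older version string, so treat an AFFECTED result as a prompt to check the vendor's package changelog rather than as proof.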

Vulnerability Identifier


Source


Related Link