Skip to main content

lighttpd Input Validation Vulnerabilities

Last Update Date: 24 Mar 2014 14:42 Release Date: 24 Mar 2014 3836 Views

RISK: Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Two vulnerabilities have been identified in lighttpd. A remote user can inject SQL commands. which could allow a remote user to access files on the target system.

  • The software does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
  • A remote user can submit a specially crafted SQL command (via the above listed vulnerability) to view arbitrary files on the target system

Impact

  • Information Disclosure

System / Technologies affected

  • lighttpd 1.4.34 and prior versions

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to fixed version.

Vulnerability Identifier


Source


Related Link