lighttpd Input Validation Vulnerabilities
Last Update Date: 24 Mar 2014 14:42
Release Date: 24 Mar 2014
RISK: Medium Risk
TYPE: Servers - Web Servers
Two vulnerabilities have been identified in lighttpd. A remote user can inject SQL commands, which could allow the remote user to access files on the target system.
- The software does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
- A remote user can submit a specially crafted SQL command (via the vulnerability listed above) to view arbitrary files on the target system.
Impact
- Information Disclosure
System / Technologies affected
- lighttpd 1.4.34 and prior versions
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to fixed version.
Vulnerability Identifier
Source
Related Link