| VID |
22472 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Web server is running a version of lighttpd which is older than 1.4.20. lighttpd is a web server that provides an interface to external programs and allows Web applications to run separate chroot. lighttpd versions prior to 1.4.20 are reported prone to multiple vulnerabilities, which could be exploited by attackers to disclose sensitive information or cause a denial of service.
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://trac.lighttpd.net/trac/ticket/285
http://trac.lighttpd.net/trac/ticket/1720
http://trac.lighttpd.net/trac/ticket/1589
http://trac.lighttpd.net/trac/ticket/1774
http://www.lighttpd.net/2008/9/30/1-4-20-Otherwise-the-terrorists-win
http://www.frsirt.com/english/advisories/2008/1063
* Platforms Affected:
lighttpd versions prior to 1.4.20
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of lighttpd (1.4.20 or later), available from the lighttpd Download Web site at http://lighttpd.net/download/ |
| Related URL |
CVE-2008-1531 (CVE) |
| Related URL |
28489,31434 (SecurityFocus) |
| Related URL |
41545 (ISS) |
|
