| VID |
22873 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Web server is running a version of lighttpd which is older than 1.4.50. lighttpd is a web server that provides an interface to external programs and allows Web applications to run separate chroot.
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.50. It is, therefore, affected by the following vulnerabilities :
- An unspecified potential path traversal in mod_alias
- An unspecified user-after-free in core
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
https://www.lighttpd.net/2018/8/13/1.4.50/
* Platforms Affected:
lighttpd versions prior to 1.4.50
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of lighttpd (1.4.50 or later), available from the lighttpd Download Web site at http://lighttpd.net/download/ |
| Related URL |
CVE-2018-19052 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
