| VID |
22874 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Web server is running a version of lighttpd which is older than 1.4.51. lighttpd is a web server that provides an interface to external programs and allows Web applications to run separate chroot.
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.51. It is, therefore, affected by the following vulnerabilities :
- An unspecified header processing vulnerability in core
- An unspecified username vulnerability in mod_userdir
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
https://www.lighttpd.net/2018/10/14/1.4.51/
* Platforms Affected:
lighttpd versions prior to 1.4.51
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of lighttpd (1.4.51 or later), available from the lighttpd Download Web site at http://lighttpd.net/download/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
