CVE-2014-2324

CWE-22 — Path Traversal8 documents6 sources

Severity

5.0MEDIUM

EPSS

71.7%

top 1.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Contec Sv-cpt-mc310 Firmware Lighttpd Lighttpd Debian Debian Linux +3 more

Timeline

PublishedMar 14

Latest updateMay 13

Description

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

▶NVDlighttpd/lighttpd< 1.4.35

▶Debianlighttpd< 1.4.33-1+nmu3+3

▶NVDcontec/sv-cpt-mc310_firmware< 6.5

▶NVDopensuse/opensuse11.4, 12.3, 13.1+2

▶NVDsuse/linux_enterprise_software_development_kit11

Also affects: Debian Linux 6.0, 7.0, 8.0

Patches

Patch: www.lighttpd.net ↗Patch: www.lighttpd.net ↗

🔴Vulnerability Details

GHSA

GHSA-mvq4-g5jc-x2wr: Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1↗2022-05-13

▶

CVEList

CVE-2014-2324: Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1↗2014-03-14

▶

OSV

CVE-2014-2324: Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1↗2014-03-14

▶

📋Vendor Advisories

Debian

CVE-2014-2324: lighttpd - Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simpl...↗2014

▶

💬Community

Bugzilla

CVE-2014-2324 CVE-2014-2323 lighttpd: SQL injection and directory traversal vulnerabilities [fedora-all]↗2014-03-12

▶

Bugzilla

CVE-2014-2324 CVE-2014-2323 lighttpd: SQL injection and directory traversal vulnerabilities [epel-all]↗2014-03-12

▶

Bugzilla

CVE-2014-2323 CVE-2014-2324 lighttpd: SQL injection and directory traversal vulnerabilities↗2014-03-12

▶