CVE-2014-2324
published 2014-03-14CVE-2014-2324: Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary…
medium5CVSS 3.1
AVNACLAuNCPINAN
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contec | sv-cpt-mc310_firmware | < 6.5 | 6.5 |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | lighttpd | < lighttpd 1.4.33-1+nmu3 (bookworm) | lighttpd 1.4.33-1+nmu3 (bookworm) |
| lighttpd | lighttpd | < 1.4.35 | 1.4.35 |
| lighttpd | lighttpd | >= 0 < 1.4.33-1+nmu3 | 1.4.33-1+nmu3 |
| lighttpd | lighttpd | >= 0 < 1.4.33-1+nmu3 | 1.4.33-1+nmu3 |
| lighttpd | lighttpd | >= 0 < 1.4.33-1+nmu3 | 1.4.33-1+nmu3 |
| lighttpd | lighttpd | >= 0 < 1.4.33-1+nmu3 | 1.4.33-1+nmu3 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| suse | linux_enterprise_high_availability_extension | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM