CVE-2014-2323

Published: Mar 14, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.lighttpd.net/2014/3/12/1.4.35/

x_refsource_CONFIRM

http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt

x_refsource_CONFIRM

DSA-2877

vendor-advisory

x_refsource_DEBIAN

openSUSE-SU-2014:0449

vendor-advisory

x_refsource_SUSE

57514

third-party-advisory

x_refsource_SECUNIA

HPSBGN03191

vendor-advisory

x_refsource_HP

openSUSE-SU-2014:0496

vendor-advisory

x_refsource_SUSE

SUSE-SU-2014:0474

vendor-advisory

x_refsource_SUSE

57404

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request

mailing-list

x_refsource_MLIST

[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request

mailing-list

x_refsource_MLIST

JVN#37417423

third-party-advisory

x_refsource_JVN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-2323

Description

Affected Products

References