CVE-2014-2324

Published: Mar 14, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.lighttpd.net/2014/3/12/1.4.35/

x_refsource_CONFIRM

66157

vdb-entry

x_refsource_BID

http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt

x_refsource_CONFIRM

DSA-2877

vendor-advisory

x_refsource_DEBIAN

openSUSE-SU-2014:0449

vendor-advisory

x_refsource_SUSE

57514

third-party-advisory

x_refsource_SECUNIA

HPSBGN03191

vendor-advisory

x_refsource_HP

openSUSE-SU-2014:0496

vendor-advisory

x_refsource_SUSE

SUSE-SU-2014:0474

vendor-advisory

x_refsource_SUSE

57404

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request

mailing-list

x_refsource_MLIST

[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request

mailing-list

x_refsource_MLIST

JVN#37417423

third-party-advisory

x_refsource_JVN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-2324

Description

Affected Products

References