| Added |
CVSS V3.1 |
|
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| Added |
CVSS V2 |
|
NIST (AV:N/AC:M/Au:N/C:P/I:N/A:N)
|
| Removed |
CVSS V2 |
NIST (AV:N/AC:M/Au:N/C:P/I:P/A:N)
|
|
| Added |
CWE |
|
NIST CWE-326
|
| Removed |
CWE |
NIST CWE-310
|
|
| Changed |
CPE Configuration |
OR
*cpe:2.3:a:lighttpd:lighttpd:1.4.24:*:*:*:*:*:*:*
*cpe:2.3:a:lighttpd:lighttpd:1.4.25:*:*:*:*:*:*:*
*cpe:2.3:a:lighttpd:lighttpd:1.4.26:*:*:*:*:*:*:*
*cpe:2.3:a:lighttpd:lighttpd:1.4.27:*:*:*:*:*:*:*
*cpe:2.3:a:lighttpd:lighttpd:1.4.28:*:*:*:*:*:*:*
*cpe:2.3:a:lighttpd:lighttpd:1.4.29:*:*:*:*:*:*:*
*cpe:2.3:a:lighttpd:lighttpd:1.4.30:*:*:*:*:*:*:*
*cpe:2.3:a:lighttpd:lighttpd:1.4.31:*:*:*:*:*:*:*
*cpe:2.3:a:lighttpd:lighttpd:1.4.32:*:*:*:*:*:*:*
*cpe:2.3:a:lighttpd:lighttpd:1.4.33:*:*:*:*:*:*:*
|
OR
*cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* versions from (including) 1.4.24 up to (including) 1.4.33
|
| Added |
CPE Configuration |
|
OR
*cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
*cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
*cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
|
| Added |
CPE Configuration |
|
OR
*cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
*cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
*cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
|
| Changed |
Reference Type |
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt Vendor Advisory
|
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt Exploit, Mitigation, Vendor Advisory
|
| Changed |
Reference Type |
http://jvn.jp/en/jp/JVN37417423/index.html No Types Assigned
|
http://jvn.jp/en/jp/JVN37417423/index.html Third Party Advisory
|
| Changed |
Reference Type |
http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html No Types Assigned
|
http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html Mailing List, Third Party Advisory
|
| Changed |
Reference Type |
http://marc.info/?l=bugtraq&m=141576815022399&w=2 No Types Assigned
|
http://marc.info/?l=bugtraq&m=141576815022399&w=2 Issue Tracking, Third Party Advisory
|
| Changed |
Reference Type |
http://openwall.com/lists/oss-security/2013/11/04/19 No Types Assigned
|
http://openwall.com/lists/oss-security/2013/11/04/19 Mailing List, Third Party Advisory
|
| Changed |
Reference Type |
http://redmine.lighttpd.net/issues/2525 No Types Assigned
|
http://redmine.lighttpd.net/issues/2525 Issue Tracking, Vendor Advisory
|
| Changed |
Reference Type |
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff/ Exploit, Patch
|
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff/ Broken Link
|
| Changed |
Reference Type |
https://www.debian.org/security/2013/dsa-2795 No Types Assigned
|
https://www.debian.org/security/2013/dsa-2795 Third Party Advisory
|
| Removed |
Evaluator Description |
Per: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt
"All versions from 1.4.24 (first version supporting SNI) up to and including
1.4.33."
|
|
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
