CVE-2022-22707 In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function has a stack-based buffer overflow with 4 bytes representing -1, which can lead to a daemon crash.

The mod_extforward_Forwarded() function, as well as the other forwarded interfaces (mod_vhost_streams, mod_vhost_scgi, mod_vhost_rscgi, mod_vhost_suexcepthost, mod_vhost_xsendfile, mod_vhost_limit), does not check the size of incoming requests. This leaves the forwarded interfaces vulnerable to attacks in which the attacker sends a request with a crafted size.

Additionally, the mod_extforward plugin does not encode the end of a URL before passing it to the forwarded interface. This can be used by an attacker to pass a maliciously crafted URL.

Please note that the forwarded interfaces are only enabled by default in lighttpd 1.4.46 and earlier.

CVE-2018-13405: p0cc
Redirecting a malformed HTTP request to a TCP port other than the default 80 can be used by an attacker to cause a denial of service by consuming server resources.

The mod_fastcgi_pass_header function of the mod_fastcgi plugin does not validate the Accept HTTP header value before passing it to the FastCGI daemon. This can be used by an attacker to force FastCGI to process

OLD TEMPEST VULNERABILITIES