lighttpd

Page content
  • Author: kikadf
  • Vulnerable: 1.4.32-2
  • Unaffected: 1.4.35-1arcturus1

Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module (mod_mysql_vhost). Jann Horn discovered that specially crafted host names can be used to traverse outside of the document root under certain situations in lighttpd servers using either the mod_mysql_vhost, mod_evhost, or mod_simple_vhost virtual hosting modules.

CVEs: