lighttpd 1.4.65

CPE Details

lighttpd 1.4.65
lighttpd
lighttpd
1.4.65
2022-06-14
11h42 +00:00
2022-06-15
11h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:lighttpd:lighttpd:1.4.65:*:*:*:*:*:*:*

Informations

Vendor

lighttpd

Product

lighttpd

Version

1.4.65

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-41556 2022-10-05 22h00 +00:00 A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.
7.5
High
CVE-2022-37797 2022-09-11 22h00 +00:00 In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.