Debian DSA-5243-1 : lighttpd – security update
Discription

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5243 advisory.

– In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More

Back to Main

Subscribe for the latest news: