Debian DLA-3133-1 : lighttpd – LTS security update
Discription
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3133 advisory.
– In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. (CVE-2022-37797)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More
References
Back to Main