8 KB is not enough: why WAFs can't protect APIs

WAFs were a top-notch security instrument a decade ago, but now they are not. They fail to protect APIs. Meanwhile, the number of API-specific vulnerabilities grew more than twofold in 2022. According ...

Updated lighttpd packages fix security vulnerability

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the ser ...


CVSS3 - HIGH

Denial Of Service (DoS)

lighttpd is vulnerable to denial of service. The vulnerability exists due to a lack of initialization when an invalid HTTP request (websocket handshake) is received, leading to a null pointer dereference allowing ...


CVSS3 - HIGH

Debian DLA-3133-1 : lighttpd – LTS security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3133 advisory. - In lighttpd 1.4.65, mod_wstunnel does not initialize a handler functio ...

lighttpd – security update

An invalid HTTP request (websocket handshake) may cause a `NULL` pointer dereference in the wstunnel module. For Debian 10 buster, this problem has been fixed in version 1.4.53-4+deb10u3. We recommend ...


CVSS3 - HIGH

Node.js 14.x < 14.20.0 / 16.x < 16.16.0 / 18.x < 18.5.0 Multiple Vulnerabilities (July 7th 2022 Security Releases).

The version of Node.js installed on the remote host is prior to 14.20.0, 16.16.0, 18.5.0. It is, therefore, affected by multiple vulnerabilities as referenced in the July 7th 2022 Security Releases ad ...

[SECURITY] [DLA 3133-1] lighttpd security update

Debian LTS Advisory DLA-3133-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ ...


CVSS3 - HIGH

openSUSE 15 Security Update : lighttpd (openSUSE-SU-2022:10132-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10132-1 advisory. - In lighttpd 1.4.65, mod_wstunnel does not init ...

