CVE-2014-2323

Опубликовано: 14 мар. 2014

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Критический

Описание

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.

Ссылки

http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
Exploit
Vendor Advisory
http://jvn.jp/en/jp/JVN37417423/index.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=141576815022399&w=2
Mailing List
Third Party Advisory
http://seclists.org/oss-sec/2014/q1/561
Exploit
Mailing List
Third Party Advisory
http://seclists.org/oss-sec/2014/q1/564
Mailing List
Third Party Advisory
http://secunia.com/advisories/57404
Broken Link
http://secunia.com/advisories/57514
Broken Link
http://www.debian.org/security/2014/dsa-2877
Third Party Advisory
http://www.lighttpd.net/2014/3/12/1.4.35/
Patch
Vendor Advisory
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
Exploit
Vendor Advisory
http://jvn.jp/en/jp/JVN37417423/index.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=141576815022399&w=2
Mailing List
Third Party Advisory
http://seclists.org/oss-sec/2014/q1/561
Exploit
Mailing List
Third Party Advisory
http://seclists.org/oss-sec/2014/q1/564
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*

Версия до 1.4.35 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.92388

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2014-2323

CVSS3: 9.8

ubuntu

почти 12 лет назад

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.

CVE-2014-2323

CVSS3: 9.8

debian

почти 12 лет назад

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1. ...

GHSA-v97w-2rqc-4p78

CVSS3: 9.8

github

больше 3 лет назад

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.

BDU:2015-05899

fstec

около 11 лет назад

Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

BDU:2015-05898

fstec

около 11 лет назад

EPSS

Процентиль: 100%

0.92388

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89