| Bug | Description |
|---|
| TEMP-0000000-F99584 | "slowloris" denial-of-service vulnerability in webservers |
| TEMP-0000000-37DBC3 | use after free / double free |
| CVE-2022-41556 | A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 coul ... |
| CVE-2022-37797 | In lighttpd 1.4.65, mod_wstunnel does not initialize a handler functio ... |
| CVE-2022-30780 | Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a den ... |
| CVE-2022-22707 | In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ... |
| CVE-2019-11072 | lighttpd before 1.4.54 has a signed integer overflow, which might allo ... |
| CVE-2016-1000212 | Mitigation for HTTPoxy vulnerability |
| CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ... |
| CVE-2014-2469 | Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows at ... |
| CVE-2014-2324 | Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) ... |
| CVE-2014-2323 | SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1. ... |
| CVE-2013-4560 | Use-after-free vulnerability in lighttpd before 1.4.33 allows remote a ... |
| CVE-2013-4559 | lighttpd before 1.4.33 does not check the return value of the (1) setu ... |
| CVE-2013-4508 | lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphe ... |
| CVE-2013-1427 | The configuration file for the FastCGI PHP support for lighttpd before ... |
| CVE-2012-5533 | The http_request_split_value function in request.c in lighttpd before ... |
| CVE-2012-4929 | The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google C ... |
| CVE-2011-4362 | Integer signedness error in the base64_decode function in the HTTP aut ... |
| CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft Windo ... |
| CVE-2010-0295 | lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read op ... |
| CVE-2009-3555 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as us ... |
| CVE-2008-4360 | mod_userdir in lighttpd before 1.4.20, when a case-insensitive operati ... |
| CVE-2008-4359 | lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redire ... |
| CVE-2008-4298 | Memory leak in the http_request_parse function in request.c in lighttp ... |
| CVE-2008-1531 | The connection_state_machine function (connections.c) in lighttpd 1.4. ... |
| CVE-2008-1270 | mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not s ... |
| CVE-2008-1111 | mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instea ... |
| CVE-2008-0983 | lighttpd 1.4.18, and possibly other versions before 1.5.0, does not pr ... |
| CVE-2007-4727 | Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fast ... |
| CVE-2007-3950 | lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ... |
| CVE-2007-3949 | mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters ... |
| CVE-2007-3948 | connections.c in lighttpd before 1.4.16 might accept more connections ... |
| CVE-2007-3947 | request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ... |
| CVE-2007-3946 | mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attacke ... |
| CVE-2007-1870 | lighttpd before 1.4.14 allows attackers to cause a denial of service ( ... |
| CVE-2007-1869 | lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial o ... |