CVE-2014-2323 Scanner
Detects 'SQL Injection' vulnerability in lighttpd affects v. before 1.4.35.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 2 days
Scan only one
Domain, IPv4, Subdomain
Toolbox
-
Lighttpd is a popular web server software designed for high-performance environments. It is known for its speed and scalability, making it a popular choice for a variety of web applications. This software is often used in load balancing and content delivery networks. Lighttpd is open-source, which means that it is freely available and can be customized to suit the unique needs of each user. It offers a range of features such as mod_rewrite, mod_fastcgi, and mod_accesslog that makes it easy for users to customize the configuration of their server.
CVE-2014-2323 is a vulnerability that was detected in Lighttpd before version 1.4.35. This vulnerability is caused by an SQL injection vulnerability in mod_mysql_vhost.c. It allows attackers to execute arbitrary SQL commands via the hostname, related to request_check_hostname. An attacker could exploit this vulnerability by manipulating the hostname to inject malicious SQL commands into the server. This could lead to data loss, data theft, and unauthorized access to sensitive information.
When this vulnerability is exploited, it can lead to serious consequences for the affected system. Attackers can use the vulnerability to gain unauthorized access to sensitive information, execute malicious commands on the server, and even steal data. An attacker can take control of the system, inject commands, and steal valuable data.
s4e.io offers pro features that make it easy for users to quickly and easily learn about vulnerabilities in their digital assets. Users can use the platform to get real-time updates on vulnerabilities, monitor their assets, and get actionable insights to protect their systems. With the pro features of s4e.io, users can access a robust dashboard, alerts, and other features that help them stay ahead of emerging threats.
REFERENCES
- http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
- http://jvn.jp/en/jp/JVN37417423/index.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html
- http://marc.info/?l=bugtraq&m=141576815022399&w=2
- http://seclists.org/oss-sec/2014/q1/561
- http://seclists.org/oss-sec/2014/q1/564
- http://www.debian.org/security/2014/dsa-2877
- http://www.lighttpd.net/2014/3/12/1.4.35/
