SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Suse
  • Linux Enterprise High Availability Extension
  • Linux Enterprise Software Development Kit
Lighttpd
  • Lighttpd
Debian
  • Debian Linux
Opensuse
  • Opensuse

Configuration 1 [-]

cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
References
Link Resource
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt Exploit Vendor Advisory
http://jvn.jp/en/jp/JVN37417423/index.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141576815022399&w=2 Mailing List Third Party Advisory
http://seclists.org/oss-sec/2014/q1/561 Exploit Mailing List Third Party Advisory
http://seclists.org/oss-sec/2014/q1/564 Mailing List Third Party Advisory
http://secunia.com/advisories/57404 Broken Link
http://secunia.com/advisories/57514 Broken Link
http://www.debian.org/security/2014/dsa-2877 Third Party Advisory
http://www.lighttpd.net/2014/3/12/1.4.35/ Patch Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-03-14T15:00:00

Updated: 2021-02-19T04:06:07

Reserved: 2014-03-12T00:00:00

Link: CVE-2014-2323

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2014-03-14T15:55:05.743

Modified: 2021-02-26T23:50:35.047

Link: CVE-2014-2323

JSON object: View

cve-icon Redhat Information

No data.

CWE