The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterminist…

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet …

lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cau…

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet…

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attack…

Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consu…

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in ligh…

Integer signedness error in the base64_decode function in the HTTP authentication functionality…

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50.…

Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi …

lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a…

The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote atta…

mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HO…

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) se…

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via …

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward …

request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash…

Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denia…

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem i…

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite co…

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other prod…

Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows re…

mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of s…

lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resour…

The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x…

mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows …

lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of ser…

connections.c in lighttpd before 1.4.16 might accept more connections than the configured maxim…

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of ser…

lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a…

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier…

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size…

mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a f…

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid H…

Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial…

There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might r…

The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Lin…

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This …

Mitigation for HTTPoxy vulnerability