ALT-PU-2015-1640-2

Package update lighttpd in branch sisyphus

Version1.4.36-alt1

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (2)

HIGH7.5

Уязвимость компонента Log File Handler модуля mod_auth веб-сервера lighttpd, позволяющая нарушителю получить доступ на изменение записей в журнале

Published: 2025-12-17

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N

References

CVE-2015-3200

HIGH7.5

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

Published: 2015-06-09Modified: 2025-04-12

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References