Rapid7 Vulnerability & Exploit Database

Lighttpd Obsolete Version

Back to Search

Lighttpd Obsolete Version

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
03/26/2007
Created
07/25/2018
Added
03/26/2007
Modified
12/20/2017

Description

Versions of Lighttpd earlier than 1.4.0 are considered obsolete. Earlier versions may be vulnerable to buffer overflow attacks as well as source path disclosure attacks. It is recommended that you upgrade your Lighttpd installation to the latest release.

Solution(s)

  • http-lighttpd-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;