Vulnerability CVE-2014-2323

Vulnerability CVE-2014-2323

Published: 2014-03-14 Modified: 2014-03-18

Description:

	Topic	Author	Date
High	lighttpd 1.4.34 SQL injection and path traversal	Jann Horn	14.03.2014

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Affected software
Lighttpd -> Lighttpd

http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html

http://marc.info/?l=bugtraq&m=141576815022399&w=2

http://seclists.org/oss-sec/2014/q1/561

http://seclists.org/oss-sec/2014/q1/564

http://www.debian.org/security/2014/dsa-2877

http://www.lighttpd.net/2014/3/12/1.4.35/