Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-4559HistoryNov 20, 2013 - 2:12 p.m.
CVE-2013-4559
2013-11-2014:12:30
Debian Security Bug Tracker
security-tracker.debian.org
20
CVSS2
7.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
0.01
Percentile
84.0%
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | lighttpd | < 1.4.33-1+nmu1 | lighttpd_1.4.33-1+nmu1_all.deb |
| Debian | 11 | all | lighttpd | < 1.4.33-1+nmu1 | lighttpd_1.4.33-1+nmu1_all.deb |
| Debian | 999 | all | lighttpd | < 1.4.33-1+nmu1 | lighttpd_1.4.33-1+nmu1_all.deb |
| Debian | 13 | all | lighttpd | < 1.4.33-1+nmu1 | lighttpd_1.4.33-1+nmu1_all.deb |
Related
cve
cve
CVE-2013-4559
2013-11-20 14:12:30
nvd
nvd
CVE-2013-4559
2013-11-20 14:12:30
ubuntucve
ubuntucve
CVE-2013-4559
2013-11-20 00:00:00
prion
prion
Design/Logic Flaw
2013-11-20 14:12:00
cvelist
cvelist
CVE-2013-4559
2013-11-19 19:00:00
osv
osv
lighttpd - several
2013-11-17 00:00:00
lighttpd-1.4.37-1.6 on GA media
2024-06-15 00:00:00
nessus
nessus
Fedora 20 : lighttpd-1.4.34-3.fc20 (2014-2495)
2014-02-24 00:00:00
Amazon Linux AMI : lighttpd (ALAS-2014-299)
2014-03-12 00:00:00
lighttpd < 1.4.34 Multiple Vulnerabilities
2014-03-05 00:00:00
debian
debian
[SECURITY] [DSA 2795-1] lighttpd security update
2013-11-13 06:11:36
[SECURITY] [DSA 2795-1] lighttpd security update
2013-11-13 06:11:36
freebsd
freebsd
lighttpd -- multiple vulnerabilities
2013-11-28 00:00:00
mageia
mageia
Updated lighttpd packages fix multiple security vulnerbilities
2013-11-21 00:36:53
securityvulns
securityvulns
lighttpd multiple security vulnerabilities
2013-11-18 00:00:00
[SECURITY] [DSA 2795-1] lighttpd security update
2013-11-18 00:00:00
openvas
openvas
Fedora Update for lighttpd FEDORA-2014-2506
2014-02-25 00:00:00
Mageia: Security Advisory (MGASA-2013-0334)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-2795-1)
2013-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: lighttpd-1.4.34-3.fc19
2014-02-22 18:18:47
[SECURITY] Fedora 20 Update: lighttpd-1.4.34-3.fc20
2014-02-22 18:22:17
amazon
amazon
Medium: lighttpd
2014-03-06 14:57:00
gentoo
gentoo
lighttpd: Multiple vulnerabilities
2014-06-13 00:00:00
jvn
jvn
JVN#37417423: Multiple vulnerabilities in SolarView Compact
2021-02-19 00:00:00
CVSS2
7.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
0.01
Percentile
84.0%
Related for DEBIANCVE:CVE-2013-4559