The mod_extforward_Forwarded() function, as well as the other forwarded interfaces (mod_vhost_streams, mod_vhost_scgi, mod_vhost_rscgi, mod_vhost_suexcepthost, mod_vhost_xsendfile, mod_vhost_limit), does not check the size of incoming requests. This makes the forwarded interfaces vulnerable to attacks where the attacker sends a request with a crafted size.

Additionally, the mod_extforward plugin does not encode the end of a URL before passing it to the forwarded interface. This can be used by an attacker to pass a maliciously crafted URL.

Please note that the forwarded interfaces are only enabled by default in lighttpd 1.4.46 and earlier.

CVE-2018-13405: p0cc
Redirecting a malformed HTTP request to a TCP port other than the default 80 can be used by an attacker to cause a denial of service by consuming server resources.

The mod_fastcgi_pass_header function of the mod_fastcgi plugin does not validate the Accept HTTP header value before passing it to the FastCGI daemon. This can be used by an attacker to force FastCGI to process

OLD TEMPEST VULNERABILITIES


Timeline

Published on: 01/06/2022 06:15:00 UTC
Last modified on: 01/13/2022 20:52:00 UTC
