CVE-2014-2324

lighttpd <1.4.35 - Path Traversal

Description

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

Exploits (1)

nomisec WORKING POC 4 stars
by sp4c30x1 · poc
https://github.com/sp4c30x1/uc_httpd_exploit

Scores

EPSS 0.7167
EPSS Percentile 98.7%

Details

CWE
CWE-22
Status published
Products (10)
contec/sv-cpt-mc310_firmware < 6.5
debian/debian_linux 6.0
debian/debian_linux 7.0
debian/debian_linux 8.0
lighttpd/lighttpd < 1.4.35
opensuse/opensuse 11.4
opensuse/opensuse 12.3
opensuse/opensuse 13.1
suse/linux_enterprise_high_availability_extension 11 sp3
suse/linux_enterprise_software_development_kit 11 sp3
Published Mar 14, 2014
Tracked Since Feb 18, 2026