{"id":"MGASA-2014-0133","summary":"Updated lighttpd package fixes security vulnerabilities","details":"SQL injection vulnerability in lighttpd before 1.4.35 when\nmod_mysql_vhost is in use, due to insufficient validation of hostnames in\nHTTP requests (CVE-2014-2323).\n\nPossible path traversal vulnerabilities in lighttpd before 1.4.35 when\neither mod_evhost or mod_simple_vhost are in use, due to insufficient\nvalidation of hostnames in HTTP requests (CVE-2014-2324).\n","modified":"2026-04-16T06:23:34.415930756Z","published":"2014-03-19T17:28:38Z","upstream":["CVE-2014-2323","CVE-2014-2324"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0133.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13003"},{"type":"WEB","url":"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2014/03/12/12"}],"affected":[{"package":{"name":"lighttpd","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/lighttpd?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.32-3.7.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0133.json"}},{"package":{"name":"lighttpd","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/lighttpd?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.33-4.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0133.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}