var-201904-0995
Vulnerability from variot

lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit."

** Unsettled ** This case has not been confirmed as a vulnerability. lighttpd contains an integer overflow vulnerability. The vendor has disputed this vulnerability. For details, see the current description at NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-11072. Information may be obtained or altered, and service operation may be disrupted (DoS).

Lighttpd is an open source web server from German software developer Jan Kneschke. An input validation error vulnerability exists in versions prior to lighttpd 1.4.54. The vulnerability stems from a network system or product that does not properly validate the input data. An attacker could exploit the vulnerability to cause a denial of service or code execution.

lighttpd is prone to an integer overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0995",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "lighttpd",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lighttpd",
        "version": "1.4.53"
      },
      {
        "model": "lighttpd",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lighttpd",
        "version": "1.4.54"
      },
      {
        "model": "kneschke lighttpd",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "jan",
        "version": "1.4.54"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.5"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.32"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.31"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.30"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.26"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.25"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.24"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.23"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.20"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.19"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.18"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.17"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.16"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.15"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.14"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.13"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.12"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.11"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.10"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.9"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.8"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.7"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.6"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.5"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.4"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.3"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.2"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.1"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.3.10"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.3.8"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.3.7"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.35"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.34"
      },
      {
        "model": "lighttpd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.33"
      },
      {
        "model": "lighttpd",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lighttpd",
        "version": "1.4.54"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13852"
      },
      {
        "db": "BID",
        "id": "107907"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003364"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11072"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.4.53",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-11072"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stephan Zeisberg",
    "sources": [
      {
        "db": "BID",
        "id": "107907"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-539"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-11072",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-11072",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-13852",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-11072",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-11072",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-13852",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-539",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-11072",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13852"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11072"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states \"The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit. ** Unsettled ** This case has not been confirmed as a vulnerability. lighttpd Contains an integer overflow vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2019-11072Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lighttpd is an open source web server for German JanKneschke software developers. An input validation error vulnerability exists in versions prior to lighttpd 1.4.54. The vulnerability stems from a network system or product that does not properly validate the input data. An attacker exploited the vulnerability to cause a denial of service or code execution vulnerability. lighttpd is prone to an integer overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. \nAn attacker can exploit this issue to crash the affected application,   resulting in denial-of-service conditions. 
Due to the nature of this   issue, arbitrary code execution may be possible but this has not been   confirmed",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-11072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003364"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13852"
      },
      {
        "db": "BID",
        "id": "107907"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11072"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-11072",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "107907",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003364",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13852",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-539",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11072",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13852"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11072"
      },
      {
        "db": "BID",
        "id": "107907"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11072"
      }
    ]
  },
  "id": "VAR-201904-0995",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13852"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13852"
      }
    ]
  },
  "last_update_date": "2024-06-12T22:59:11.245000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[core] fix abort in http-parseopts (fixes #2945)",
        "trust": 0.8,
        "url": "https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354"
      },
      {
        "title": "Bug #2945",
        "trust": 0.8,
        "url": "https://redmine.lighttpd.net/issues/2945"
      },
      {
        "title": "Lighttpd enters a patch to verify the error vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/160987"
      },
      {
        "title": "lighttpd Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91354"
      },
      {
        "title": "Debian CVElist Bug Report Logs: lighttpd: CVE-2019-11072",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9b235b8ab3dbcb0acdb0f9df18f1403b"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/jreisinger/checkip "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13852"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11072"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-539"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003364"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11072"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/107907"
      },
      {
        "trust": 2.0,
        "url": "https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354"
      },
      {
        "trust": 1.4,
        "url": "https://redmine.lighttpd.net/issues/2945"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11072"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11072"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/lighttpd-denial-of-service-via-url-path-2f-decode-29025"
      },
      {
        "trust": 0.3,
        "url": "https://redmine.lighttpd.net/versions/55"
      },
      {
        "trust": 0.3,
        "url": "http://www.lighttpd.net/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/190.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13852"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11072"
      },
      {
        "db": "BID",
        "id": "107907"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11072"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13852"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11072"
      },
      {
        "db": "BID",
        "id": "107907"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11072"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-13852"
      },
      {
        "date": "2019-04-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-11072"
      },
      {
        "date": "2019-04-09T00:00:00",
        "db": "BID",
        "id": "107907"
      },
      {
        "date": "2019-05-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003364"
      },
      {
        "date": "2019-04-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-539"
      },
      {
        "date": "2019-04-10T22:29:00.267000",
        "db": "NVD",
        "id": "CVE-2019-11072"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-13852"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-11072"
      },
      {
        "date": "2019-04-09T00:00:00",
        "db": "BID",
        "id": "107907"
      },
      {
        "date": "2019-05-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003364"
      },
      {
        "date": "2019-04-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-539"
      },
      {
        "date": "2024-06-11T21:15:51.510000",
        "db": "NVD",
        "id": "CVE-2019-11072"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-539"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lighttpd input validation error vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13852"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-539"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-539"
      }
    ],
    "trust": 0.6
  }
}

