Oval Definition:oval:org.opensuse.security:def:20142324
Revision Date:2022-09-02Version:1
Title:CVE-2014-2324
Description:

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2014-2324
Mitre CVE-2014-2324
SUSE CVE-2014-2324
openSUSE-SU-2014:0449-1
openSUSE-SU-2014:0449-1
openSUSE-SU-2014:0496-1
openSUSE-SU-2014:0496-1
SUSE-SU-2014:0474-1
SUSE-SU-2014:0474-1
Platform(s):openSUSE 12.3 Update
openSUSE 13.1
openSUSE Tumbleweed
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise High Availability 12 SP2
SUSE Linux Enterprise High Availability 12 SP3
SUSE Linux Enterprise High Availability 12 SP4
SUSE Linux Enterprise High Availability 12 SP5
SUSE Linux Enterprise High Availability Extension 11 SP3
SUSE Linux Enterprise High Performance Computing 11 SP3
SUSE Linux Enterprise High Performance Computing 12 SP2
SUSE Linux Enterprise High Performance Computing 12 SP3
SUSE Linux Enterprise High Performance Computing 12 SP4
SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
Product(s):
Definition Synopsis
  • openSUSE 13.1 is installed
  • AND Package Information
  • lighttpd-1.4.35-2.9.1 is installed
  • OR lighttpd-mod_cml-1.4.35-2.9.1 is installed
  • OR lighttpd-mod_geoip-1.4.35-2.9.1 is installed
  • OR lighttpd-mod_magnet-1.4.35-2.9.1 is installed
  • OR lighttpd-mod_mysql_vhost-1.4.35-2.9.1 is installed
  • OR lighttpd-mod_rrdtool-1.4.35-2.9.1 is installed
  • OR lighttpd-mod_trigger_b4_dl-1.4.35-2.9.1 is installed
  • OR lighttpd-mod_webdav-1.4.35-2.9.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability Extension 11 SP3 is installed
  • AND lighttpd-1.4.20-2.54 is installed
  • OR Package Information
  • SUSE Linux Enterprise Software Development Kit 11 SP3 is installed
  • OR SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND
  • lighttpd-1.4.20-2.54 is installed
  • OR lighttpd-mod_cml-1.4.20-2.54 is installed
  • OR lighttpd-mod_magnet-1.4.20-2.54 is installed
  • OR lighttpd-mod_mysql_vhost-1.4.20-2.54 is installed
  • OR lighttpd-mod_rrdtool-1.4.20-2.54 is installed
  • OR lighttpd-mod_trigger_b4_dl-1.4.20-2.54 is installed
  • OR lighttpd-mod_webdav-1.4.20-2.54 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability Extension 11 SP3 is installed
  • AND lighttpd-1.4.20-2.54.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Software Development Kit 11 SP3 is installed
  • AND
  • lighttpd-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_cml-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_magnet-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_mysql_vhost-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_rrdtool-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_trigger_b4_dl-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_webdav-1.4.20-2.54.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability 12 SP2 is installed
  • AND lighttpd-1.4.35-1 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Availability 12 SP3 is installed
  • AND lighttpd-1.4.35-3 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability 12 SP2 is installed
  • AND lighttpd-1.4.35-1 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Availability 12 SP3 is installed
  • OR SUSE Linux Enterprise High Availability 12 SP4 is installed
  • AND lighttpd-1.4.35-3 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability 12 SP2 is installed
  • AND lighttpd-1.4.35-1 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Availability 12 SP3 is installed
  • OR SUSE Linux Enterprise High Availability 12 SP4 is installed
  • OR SUSE Linux Enterprise High Availability 12 SP5 is installed
  • AND lighttpd-1.4.35-3 is installed
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • lighttpd-1.4.37-1.6 is installed
  • OR lighttpd-mod_cml-1.4.37-1.6 is installed
  • OR lighttpd-mod_geoip-1.4.37-1.6 is installed
  • OR lighttpd-mod_magnet-1.4.37-1.6 is installed
  • OR lighttpd-mod_mysql_vhost-1.4.37-1.6 is installed
  • OR lighttpd-mod_rrdtool-1.4.37-1.6 is installed
  • OR lighttpd-mod_trigger_b4_dl-1.4.37-1.6 is installed
  • OR lighttpd-mod_webdav-1.4.37-1.6 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability Extension 11 SP3 is installed
  • AND lighttpd-1.4.20-2.54.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND
  • lighttpd-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_cml-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_magnet-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_mysql_vhost-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_rrdtool-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_trigger_b4_dl-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_webdav-1.4.20-2.54.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Software Development Kit 11 SP3 is installed
  • AND
  • lighttpd-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_cml-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_magnet-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_mysql_vhost-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_rrdtool-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_trigger_b4_dl-1.4.20-2.54.1 is installed
  • OR lighttpd-mod_webdav-1.4.20-2.54.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability 12 SP3 is installed
  • OR SUSE Linux Enterprise High Availability 12 SP4 is installed
  • OR SUSE Linux Enterprise High Availability 12 SP5 is installed
  • AND lighttpd-1.4.35-3.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Availability 12 SP2 is installed
  • AND lighttpd-1.4.35-1.34 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability 12 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 12 SP5 is installed
  • OR SUSE Linux Enterprise Server 12 SP5 is installed
  • AND lighttpd-1.4.35-3.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability 12 SP4 is installed
  • OR SUSE Linux Enterprise High Performance Computing 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • AND lighttpd-1.4.35-3.1 is installed
    • BACK