Remote Code Injection Vulnerability in lighttpd Authentication
CVE-2015-3200

7.5HIGH

Key Information:

Vendor: Lighttpd
Status: Lighttpd
Vendor: CVE Published:; 9 June 2015

What is CVE-2015-3200?

A security flaw exists in the mod_auth module of lighttpd, allowing remote attackers to manipulate log entries. This vulnerability occurs when an attacker sends a specifically crafted basic HTTP authentication string that lacks a colon character. The malformed string may contain a NULL and new line character, enabling attackers to inject arbitrary content into the server's logs. This could lead to log spoofing and potential circumvention of security measures, necessitating prompt updates to safeguard against exploitation.

References

http://www.securityfocus.com/bid/74813

vdb-entryx_refsource_BID

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

http://redmine.lighttpd.net/issues/2646

x_refsource_CONFIRM

EPSS Score

18% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2015
Vulnerability Reserved
Apr 10, 2015

Lighttpd

What is CVE-2015-3200?

References

EPSS Score

CVSS V3.1

Timeline