Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:REQERR:INV-IPV6-HOST-HDR |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Invalid IPv6 Host Header |
Release Date |
2014/04/08 |
Update Number |
2361 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Invalid IPv6 Host Header
This signature detects invalid values for the HTTP Host: header. A successful attempt could result in arbitrary code execution or denial-of-service condition.
Extended Description
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
Affected Products
- Lighttpd lighttpd 1.3.16
- Lighttpd lighttpd 1.4.10
- Lighttpd lighttpd 1.4.11
- Lighttpd lighttpd 1.4.12
- Lighttpd lighttpd 1.4.13
- Lighttpd lighttpd 1.4.14
- Lighttpd lighttpd 1.4.15
- Lighttpd lighttpd 1.4.16
- Lighttpd lighttpd 1.4.17
- Lighttpd lighttpd 1.4.18
- Lighttpd lighttpd 1.4.19
- Lighttpd lighttpd 1.4.20
- Lighttpd lighttpd 1.4.21
- Lighttpd lighttpd 1.4.22
- Lighttpd lighttpd 1.4.23
- Lighttpd lighttpd 1.4.24
- Lighttpd lighttpd 1.4.25
- Lighttpd lighttpd 1.4.26
- Lighttpd lighttpd 1.4.27
- Lighttpd lighttpd 1.4.28
- Lighttpd lighttpd 1.4.29
- Lighttpd lighttpd 1.4.3
- Lighttpd lighttpd 1.4.30
- Lighttpd lighttpd 1.4.31
- Lighttpd lighttpd 1.4.32
- Lighttpd lighttpd 1.4.33
- Lighttpd lighttpd 1.4.34
- Lighttpd lighttpd 1.4.4
- Lighttpd lighttpd 1.4.5
- Lighttpd lighttpd 1.4.6
- Lighttpd lighttpd 1.4.7
- Lighttpd lighttpd 1.4.8
- Lighttpd lighttpd 1.4.9
References
- CVE: CVE-2014-2323