Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
lighttpd 权限许可和访问控制问题漏洞
Vulnerability Description
lighttpd是德国Jan Kneschke个人开发者的一款开源的Web服务器。 lighttpd 1.4.32及之前的版本中存在权限许可和访问控制问题漏洞,该漏洞源于程序没有检查(1)setuid(2)setgid或(3)setgroups函数的返回值。远程攻击者可通过多次调用‘clone’函数利用该漏洞获取特权。
CVSS Information
N/A
Vulnerability Type
N/A