lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1.4.33-1+nmu2ubuntu2", "binary_name": "lighttpd" }, { "binary_version": "1.4.33-1+nmu2ubuntu2", "binary_name": "lighttpd-dev" }, { "binary_version": "1.4.33-1+nmu2ubuntu2", "binary_name": "lighttpd-doc" }, { "binary_version": "1.4.33-1+nmu2ubuntu2", "binary_name": "lighttpd-mod-cml" }, { "binary_version": "1.4.33-1+nmu2ubuntu2", "binary_name": "lighttpd-mod-magnet" }, { "binary_version": "1.4.33-1+nmu2ubuntu2", "binary_name": "lighttpd-mod-mysql-vhost" }, { "binary_version": "1.4.33-1+nmu2ubuntu2", "binary_name": "lighttpd-mod-trigger-b4-dl" }, { "binary_version": "1.4.33-1+nmu2ubuntu2", "binary_name": "lighttpd-mod-webdav" } ] }