https://community.hpe.com/t5/other-hpe-product-questions/vulnerabilities-lighttpd-in-the-hpe-officeconnect-switch-1820/m-p/7226475#M7479 <P>In our inspection routines we found vulnerabilities in the <STRONG>HPE OfficeConnect Switch 1820 24G J9980A</STRONG>.<BR />vulnerabilities: Lighttpd &lt; 1.4.35 Multiple Vulnerabilities - Active Check</P><P><STRONG>Vulnerability Insight</STRONG><BR />The following flaws exist:<BR />- mod_mysql_vhost module is not properly sanitizing user supplied input passed via the host-<BR />name<BR />- mod_evhost and mod_simple_vhost modules are not properly sanitizing user supplied input<BR />via the hostname.</P><P><STRONG>Vulnerability Detection Method</STRONG><BR />Sends a crafted HTTP GET request and checks the response.<BR />Details: Lighttpd &lt; 1.4.35 Multiple Vulnerabilities - Active Check<BR />OID:1.3.6.1.4.1.25623.1.0.802072<BR />Version used: 2023-02-01T10:08:40Z</P><P><STRONG>References</STRONG><BR />cve: CVE-2014-2323<BR />cve: CVE-2014-2324</P><P><BR />I need help on how to resolve this vulnerability</P><P>&nbsp;</P><P>Thanks</P> Wed, 02 Oct 2024 16:49:40 GMT paulo_rribeiro 2024-10-02T16:49:40Z https://community.hpe.com/t5/other-hpe-product-questions/vulnerabilities-lighttpd-in-the-hpe-officeconnect-switch-1820/m-p/7226475#M7479 <P>In our inspection routines we found vulnerabilities in the <STRONG>HPE OfficeConnect Switch 1820 24G J9980A</STRONG>.<BR />vulnerabilities: Lighttpd &lt; 1.4.35 Multiple Vulnerabilities - Active Check</P><P><STRONG>Vulnerability Insight</STRONG><BR />The following flaws exist:<BR />- mod_mysql_vhost module is not properly sanitizing user supplied input passed via the host-<BR />name<BR />- mod_evhost and mod_simple_vhost modules are not properly sanitizing user supplied input<BR />via the hostname.</P><P><STRONG>Vulnerability Detection Method</STRONG><BR />Sends a crafted HTTP GET request and checks the response.<BR />Details: Lighttpd &lt; 1.4.35 Multiple Vulnerabilities - Active Check<BR />OID:1.3.6.1.4.1.25623.1.0.802072<BR />Version used: 2023-02-01T10:08:40Z</P><P><STRONG>References</STRONG><BR />cve: CVE-2014-2323<BR />cve: CVE-2014-2324</P><P><BR />I need help on how to resolve this vulnerability</P><P>&nbsp;</P><P>Thanks</P> Wed, 02 Oct 2024 16:49:40 GMT https://community.hpe.com/t5/other-hpe-product-questions/vulnerabilities-lighttpd-in-the-hpe-officeconnect-switch-1820/m-p/7226475#M7479 paulo_rribeiro 2024-10-02T16:49:40Z https://community.hpe.com/t5/other-hpe-product-questions/vulnerabilities-lighttpd-in-the-hpe-officeconnect-switch-1820/m-p/7226485#M7480 <P>Hello&nbsp;<a href="https://community.hpe.com/t5/user/viewprofilepage/user-id/2349708">@paulo_rribeiro</a>,</P> <P>Thank you for posting.</P> <P><SPAN>HPE Networking forum has moved to Aruba Airheads Community and for HPE networking and Aruba product queries, we request you to visit and post your query here:&nbsp;<A tabindex="-1" title="https://community.arubanetworks.com/discussion" href="https://community.arubanetworks.com/discussion" target="_blank" rel="noopener noreferrer nofollow" aria-label="Link Aruba Airheads Community">Aruba Airheads Community</A>&nbsp;</SPAN></P> <P>You can refer to the below link as well for more details:</P> <P><A href="https://community.hpe.com/t5/Announcements/HPE-Networking-forum-migration-to-Aruba-Airheads-community-Nov/m-p/7150664" target="_blank" rel="noopener">HPE Networking forum migration to Aruba Airheads c... - Hewlett Packard Enterprise Community</A></P> Thu, 03 Oct 2024 04:03:03 GMT https://community.hpe.com/t5/other-hpe-product-questions/vulnerabilities-lighttpd-in-the-hpe-officeconnect-switch-1820/m-p/7226485#M7480 Sunitha_Mod 2024-10-03T04:03:03Z