- Community Home
- >
- Welcome
- >
- Other HPE Product Questions
- >
- Vulnerabilities Lighttpd in the HPE OfficeConnect ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-02-2024 09:49 AM
10-02-2024 09:49 AM
Vulnerabilities Lighttpd in the HPE OfficeConnect Switch 1820 24G J9980A
In our inspection routines we found vulnerabilities in the HPE OfficeConnect Switch 1820 24G J9980A.
vulnerabilities: Lighttpd < 1.4.35 Multiple Vulnerabilities - Active Check
Vulnerability Insight
The following flaws exist:
- mod_mysql_vhost module is not properly sanitizing user supplied input passed via the host-
name
- mod_evhost and mod_simple_vhost modules are not properly sanitizing user supplied input
via the hostname.
Vulnerability Detection Method
Sends a crafted HTTP GET request and checks the response.
Details: Lighttpd < 1.4.35 Multiple Vulnerabilities - Active Check
OID:1.3.6.1.4.1.25623.1.0.802072
Version used: 2023-02-01T10:08:40Z
References
cve: CVE-2014-2323
cve: CVE-2014-2324
I need help on how to resolve this vulnerability
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-02-2024 09:03 PM
10-02-2024 09:03 PM
Re: Vulnerabilities Lighttpd in the HPE OfficeConnect Switch 1820 24G J9980A
Hello @paulo_rribeiro,
Thank you for posting.
HPE Networking forum has moved to Aruba Airheads Community and for HPE networking and Aruba product queries, we request you to visit and post your query here: Aruba Airheads Community
You can refer to the below link as well for more details:
HPE Networking forum migration to Aruba Airheads c... - Hewlett Packard Enterprise Community