Practical examples of CVE-2014-2324 and 2323
Could somebody please provide some examples on how the CVE-2014-2324 and CVE-2014-2323 could be exploited in practice?
Like could I use the URL like www.example.
(I take it this will only work with permissions for www-data)
Also, how about SQL injection?
www.example.
www.example.
I need to check a site that was running an outdated version of Lighttpd.
Question information
- Language: English
- Status: Answered
- For: Ubuntu lighttpd
- Assignee: No assignee
- Last query: 2014-09-28
- Last reply: 2014-09-29
Thomas Krüger (thkrueger) said (#1):
No, we don't provide practical examples of how to exploit systems!
Andrew (am-public-o) said (#2):
Ha, when you put it that way, I see why. I'm trying to work out if my system is vulnerable. It's just exploits become complicated so it makes it hard to work out where a potential attack vector comes from.
I can see in the error logs there have been a number of hits of various directories and also /etc/passwd.
Maybe somebody could then state simply - do the files need to be explicitly owned by www-data in order to access, or could an xx5 permission be enough?
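On the ownership question in reply #2, an added example (not part of the original thread): a Python audit helper showing how POSIX mode bits decide whether an account such as www-data can read a file. The function names and the uid/gid 33 for www-data are assumptions of this example; ACLs and AppArmor/SELinux are not modelled.

```python
import os
import stat

def class_bits(st_mode, st_uid, st_gid, uid, gids):
    """rwx triplet (0-7) that applies to uid/gids for one inode.

    Exactly one class is chosen: owner, else group, else other. A more
    permissive later class never overrides a denial in an earlier one.
    """
    mode = stat.S_IMODE(st_mode)
    if uid == st_uid:
        return (mode >> 6) & 7
    if st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def readable_by(path, uid, gids):
    """True if mode bits alone let uid/gids read `path`.

    Requires search (x) on every ancestor directory and read (r) on the
    target. uid 0 is treated as always allowed.
    """
    if uid == 0:
        return True
    path = os.path.realpath(path)
    parent = os.path.dirname(path)
    while True:
        st = os.stat(parent)
        if not class_bits(st.st_mode, st.st_uid, st.st_gid, uid, gids) & 1:
            return False
        if parent == os.path.dirname(parent):  # reached the filesystem root
            break
        parent = os.path.dirname(parent)
    st = os.stat(path)
    return bool(class_bits(st.st_mode, st.st_uid, st.st_gid, uid, gids) & 4)

if __name__ == "__main__":
    WWW_UID, WWW_GIDS = 33, {33}  # assumption: www-data ids on the audited host
    for candidate in ("/etc/passwd", "/etc/shadow", "/var/www"):
        if os.path.exists(candidate):
            print(candidate, readable_by(candidate, WWW_UID, WWW_GIDS))
```

Ownership is not required: a file whose "other" triplet includes read (for example mode 644 or 755) is readable by the web server account as long as every directory above it is searchable.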