GeneralInformation

Cloud Provider	DigitalOcean
Cloud Region	us-ca
Country	United States
City	Santa Clara
Organization	DigitalOcean, LLC
ISP	DigitalOcean, LLC
ASN	AS14061

WebTechnologies

JavaScript libraries

jQuery

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2022-22707

4.3In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.

CVE-2019-11072

7.5lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit.

OpenPorts

22 80

-509976400 | 2024-04-28T09:19:21.123045

22 / tcp

SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDn/guIjZcqqRYQYryFaF+C7RwD8JQuQq+B/jvlVFujUeX7
7twArJ3EXPoZu8h/B+zimgv1ZdLGXVvy7lOjvpBVSn61c5pebnKTMhkiCl1NOBu02QUtoozkOJ7I
8X0vgKKM4FZsLSQ1UMrxTvgiNwJtvtp7oBeVav8Zo9MgK/85F2LfWLlGPKkytZkCPjWUf1mtatTx
eG0+yx9q9XGBJKMKwJPEuDV5v+qZdLArimyIhiMQxQrWOPTOZvaUmHYiI9tEQGoZqn+20dj4kQey
0qBavTsmrO2Hbifk5ESfjXZOpqIxoh7zEtXzXhv1yVINIymuo1iHDtK1jRZRht3BeMjz
Fingerprint: 81:6c:ab:95:7b:74:98:8e:55:6f:29:17:8c:13:22:e0

Kex Algorithms:
	curve25519-sha256
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group16-sha512
	diffie-hellman-group18-sha512
	diffie-hellman-group14-sha256
	diffie-hellman-group14-sha1

Server Host Key Algorithms:
	rsa-sha2-512
	rsa-sha2-256
	ssh-rsa
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	chacha20-poly1305@openssh.com
	aes128-ctr
	aes192-ctr
	aes256-ctr
	aes128-gcm@openssh.com
	aes256-gcm@openssh.com

MAC Algorithms:
	umac-64-etm@openssh.com
	umac-128-etm@openssh.com
	hmac-sha2-256-etm@openssh.com
	hmac-sha2-512-etm@openssh.com
	hmac-sha1-etm@openssh.com
	umac-64@openssh.com
	umac-128@openssh.com
	hmac-sha2-256
	hmac-sha2-512
	hmac-sha1

Compression Algorithms:
	none
	zlib@openssh.com

1964396084 | 2024-04-28T09:26:34.487671

80 / tcp

HTTP/1.1 200 OK
Content-type: text/html; charset=UTF-8
Content-Length: 12299
Date: Sun, 28 Apr 2024 09:26:34 GMT
Server: lighttpd/1.4.53

138.68.224.58

Last Seen: 2024-04-28

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-509976400 | 2024-04-28T09:19:21.123045
22 / tcp

OpenSSH7.9p1 Debian 10+deb10u2

1964396084 | 2024-04-28T09:26:34.487671
80 / tcp

lighttpd1.4.53

Products

Pricing

Contact Us