Bug #2875
closedCVE-2013-1599
Description
I am doing a technical report on the security of security cameras. A fatal flaw in many cameras (most notably D-Link) described by CVE-2013-1599, appears to be a result of them using Lighttpd (at least that's what I got after watching https://youtu.be/B8DjTcANBx0?t=3m). Is this correct, and if so has Lighttpd responded and patched the vulnerability? Finally, what is the latest version of Lighttpd that the vulnerability exists on?
Please answer anything you can, and thank you very much.
Updated by gstrauss about 7 years ago
- Category deleted (
3rd party) - Status changed from New to Invalid
- Priority changed from Normal to Low
- Target version deleted (
1.4.x)
The CVE you referenced (from 2013) has not been published and you pointed to a BlackHat video from 2013 which demonstrated security holes in poorly written CGI, not in lighttpd. Please do your own homework.
Updated by Caston about 7 years ago
gstrauss wrote:
So the vulnerability was not actually part of Lighttpd.? Okay, thanks.
"Please do your own homework."? What do think I am doing? If I had known Lighttpd was not involved I wouldn't have asked. And I am not forcing you to help me with my report, I mean it was nice (and thanks again), but you make it sound like I had forced you to answer.
Also available in: Atom