CVE-2013-4508
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
We have discovered 2,124 live websites that are affected by CVE-2013-4508.
Affected Software
| Product |  lighttpd |
| Category | Web Servers |
| Vulnerable Domains | 2,124 live websites (4.36% of lighttpd install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 15 versions ( 26% of all versions) |
Details
- Published - Nov 8, 2013
- Updated - Aug 6, 2024
CVE References
Website Distribution by Country
Number of websites using CVE-2013-4508 United States | 289 websites |
 France | 792 websites |
 Czech Republic | 188 websites |
 Germany | 170 websites |
 Singapore | 108 websites |
 GB | 75 websites |
 Poland | 58 websites |
 India | 50 websites |
 Italy | 45 websites |
 Russia | 45 websites |
Website Distribution by TLD
Number of websites using CVE-2013-4508| .com | 524 websites |
| .fr | 492 websites |
| .net | 307 websites |
| .cz | 142 websites |
| .de | 99 websites |
| .org | 96 websites |
| .ru | 42 websites |
| .eu | 31 websites |
| .nl | 27 websites |
| .pl | 26 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2013-4508
Top websites that are affected by CVE-2013-4508. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.****.cz | Czech Republic | **,*** | |
| ********.com | United States | ***,*** | |
| ***.*********.com | United States | ***,*** | |
| *****.net | United States | ***,*** | |
| *********.********.pm | United States | ***,*** | |
| ***.****.fr | France | ***,*** | |
| *************.********.pm | United States | ***,*** | |
| ***.cz | Czech Republic | ***,*** | |
| ********.net | Singapore | ***,*** | |
| *****.**************.de | Germany | ***,*** |
References
- http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt
- http://openwall.com/lists/oss-security/2013/11/04/19
- http://marc.info/?l=bugtraq&m=141576815022399&w=2
- http://redmine.lighttpd.net/issues/2525
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html
- https://www.debian.org/security/2013/dsa-2795
- http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff/
- http://jvn.jp/en/jp/JVN37417423/index.html