CVE-2013-4559
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.
We have discovered 2,122 live websites that are affected by CVE-2013-4559.
Affected Software
| Product |  lighttpd |
| Category | Web Servers |
| Vulnerable Domains | 2,122 live websites (4.35% of lighttpd install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 14 versions ( 24% of all versions) |
Details
- Published - Nov 19, 2013
- Updated - Aug 6, 2024
CVE References
Website Distribution by Country
Number of websites using CVE-2013-4559 United States | 288 websites |
 France | 792 websites |
 Czech Republic | 188 websites |
 Germany | 170 websites |
 Singapore | 108 websites |
 GB | 75 websites |
 Poland | 58 websites |
 India | 50 websites |
 Italy | 45 websites |
 Russia | 45 websites |
Website Distribution by TLD
Number of websites using CVE-2013-4559| .com | 522 websites |
| .fr | 492 websites |
| .net | 307 websites |
| .cz | 142 websites |
| .de | 99 websites |
| .org | 96 websites |
| .ru | 42 websites |
| .eu | 31 websites |
| .nl | 27 websites |
| .pl | 26 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2013-4559
Top websites that are affected by CVE-2013-4559. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.****.cz | Czech Republic | **,*** | |
| ********.com | United States | ***,*** | |
| ***.*********.com | United States | ***,*** | |
| *****.net | United States | ***,*** | |
| *********.********.pm | United States | ***,*** | |
| ***.****.fr | France | ***,*** | |
| *************.********.pm | United States | ***,*** | |
| ***.cz | Czech Republic | ***,*** | |
| ********.net | Singapore | ***,*** | |
| *****.**************.de | Germany | ***,*** |
References
- http://secunia.com/advisories/55682
- http://marc.info/?l=bugtraq&m=141576815022399&w=2
- http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html
- https://www.debian.org/security/2013/dsa-2795
- http://www.openwall.com/lists/oss-security/2013/11/12/4
- https://kc.mcafee.com/corporate/index?page=content&id=SB10310
- http://jvn.jp/en/jp/JVN37417423/index.html