High severity7.5NVD Advisory· Published Nov 8, 2013· Updated Jun 16, 2026
CVE-2013-4508
CVE-2013-4508
Description
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9Patches
Vulnerability mechanics
References
8- download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txtnvdExploitMitigationVendor Advisory
- jvn.jp/en/jp/JVN37417423/index.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2014-01/msg00049.htmlnvdMailing ListThird Party Advisory
- marc.infonvdIssue TrackingThird Party Advisory
- openwall.com/lists/oss-security/2013/11/04/19nvdMailing ListThird Party Advisory
- redmine.lighttpd.net/issues/2525nvdIssue TrackingVendor Advisory
- www.debian.org/security/2013/dsa-2795nvdThird Party Advisory
- redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff/nvdBroken Link
News mentions
0No linked articles in our index yet.