High severity7.5NVD Advisory· Published Jun 9, 2015· Updated Jun 17, 2026
CVE-2015-3200
CVE-2015-3200
Description
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- cpe:2.3:a:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*Range: <=15.07
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- osv-coords6 versionspkg:rpm/suse/lighttpd&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2011%20SP4pkg:rpm/suse/lighttpd&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP1pkg:rpm/suse/lighttpd&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP2pkg:rpm/suse/lighttpd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/lighttpd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/lighttpd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 1.4.20-2.58.1+ 5 more
- (no CPE)range: < 1.4.20-2.58.1
- (no CPE)range: < 1.4.35-3.1
- (no CPE)range: < 1.4.35-3.1
- (no CPE)range: < 1.4.20-2.58.1
- (no CPE)range: < 1.4.35-3.1
- (no CPE)range: < 1.4.20-2.58.1
Patches
Vulnerability mechanics
References
9- jaanuskp.blogspot.com/2015/05/cve-2015-3200.htmlnvdExploitThird Party Advisory
- redmine.lighttpd.net/issues/2646nvdVendor Advisory
- www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlnvdThird Party Advisory
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdVendor Advisory
- www.securitytracker.com/id/1032405nvdVDB Entry
- lists.fedoraproject.org/pipermail/package-announce/2015-August/163223.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-August/163286.htmlnvd
- www.securityfocus.com/bid/74813nvd
- kc.mcafee.com/corporate/indexnvd
News mentions
0No linked articles in our index yet.