"Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw"

According to Binarly, an unpatched security flaw affects the Lighttpd web server used in Intel and Lenovo Baseboard Management Controllers (BMCs). Although the original flaw was discovered and patched by Lighttpd maintainers in August 2018 with version 1.4.51, the lack of a CVE identifier or advisory caused AMI MegaRAC BMC developers to overlook it, and the flaw has made its way into products made by Intel and Lenovo. Lighttpd is an open source web server that prioritizes speed, security, and flexibility while remaining resource-efficient in high-performance environments. This article continues to discuss the potential exploitation and impact of the unpatched Lighttpd server flaw.

THN reports "Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw"

Submitted by grigby1

 

Submitted by Gregory Rigby on