Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw
April 15, 2024 at 01:03PM A security flaw in the Lighttpd web server used in BMCs, unpatched by Intel and Lenovo, poses a risk of exfiltrating sensitive data. The absence of prompt security information prevents proper handling of the fixes down firmware and software supply chains. Out-of-bounds read vulnerabilities in susceptible versions of Lighttpd remain … Read more