Lucene search

K

MitreCVE-2007-1869

HistoryApr 18, 2007 - 3:19 a.m.

CVE-2007-1869

2007-04-1803:19:00

mitre

web.nvd.nist.gov

60

2

cve-2007-1869

lighttpd

denial of service

cpu consumption

resource consumption

remote attack

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.222

Percentile

96.5%

lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.

Affected configurations

Nvd

Node

lighttpdlighttpdMatch1.4.12

OR

lighttpdlighttpdMatch1.4.13

VendorProductVersionCPE
lighttpdlighttpd1.4.12cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*
lighttpdlighttpd1.4.13cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*

References

secunia.com/advisories/24886

secunia.com/advisories/24947

secunia.com/advisories/24995

secunia.com/advisories/25166

secunia.com/advisories/25613

security.gentoo.org/glsa/glsa-200705-07.xml

www.debian.org/security/2007/dsa-1303

www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt

www.novell.com/linux/security/advisories/2007_007_suse.html

www.securityfocus.com/archive/1/466464/30/6900/threaded

www.securityfocus.com/bid/23515

www.vupen.com/english/advisories/2007/1399

exchange.xforce.ibmcloud.com/vulnerabilities/33671

issues.rpath.com/browse/RPL-1218

Social References

More

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.222

Percentile

96.5%

Related for CVE-2007-1869

prion1 ubuntucve1 cvelist1 nessus4 debiancve1 openvas5 freebsd1 nvd1 debian1 gentoo1 osv2 securityvulns1