Lucene search

K

[email protected]NVD:CVE-2007-1869

HistoryApr 18, 2007 - 3:19 a.m.

CVE-2007-1869

2007-04-1803:19:00

[email protected]

web.nvd.nist.gov

4

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

High

EPSS

0.222

Percentile

96.5%

lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.

Affected configurations

Nvd

Node

lighttpdlighttpdMatch1.4.12

OR

lighttpdlighttpdMatch1.4.13

VendorProductVersionCPE
lighttpdlighttpd1.4.12cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*
lighttpdlighttpd1.4.13cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*

References

secunia.com/advisories/24886

secunia.com/advisories/24947

secunia.com/advisories/24995

secunia.com/advisories/25166

secunia.com/advisories/25613

security.gentoo.org/glsa/glsa-200705-07.xml

www.debian.org/security/2007/dsa-1303

www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt

www.novell.com/linux/security/advisories/2007_007_suse.html

www.securityfocus.com/archive/1/466464/30/6900/threaded

www.securityfocus.com/bid/23515

www.vupen.com/english/advisories/2007/1399

exchange.xforce.ibmcloud.com/vulnerabilities/33671

issues.rpath.com/browse/RPL-1218

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

High

EPSS

0.222

Percentile

96.5%

Related for NVD:CVE-2007-1869

prion1 ubuntucve1 cvelist1 nessus4 debiancve1 openvas5 freebsd1 cve1 debian1 gentoo1 osv2 securityvulns1