Lucene search

K
freebsdFreeBSD5678DA43-EA99-11DB-A802-000FEA2763CE
HistoryJan 14, 2007 - 12:00 a.m.

lighttpd -- DOS when access files with mtime 0

2007-01-1400:00:00
vuxml.freebsd.org
9

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.068 Low

EPSS

Percentile

93.9%

Lighttpd SA:

Lighttpd caches the rendered string for mtime. The cache key has
as a default value 0. At that point the pointer to the string are
still NULL. If a file with an mtime of 0 is requested it tries to
access the pointer and crashes.
The bug requires that a malicious user can either upload files or
manipulate the mtime of the files.
The bug was reported by cubiq and fixed by Marcus Rueckert.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchlighttpd< 1.4.15UNKNOWN

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.068 Low

EPSS

Percentile

93.9%