Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

lighttpd 1.4.31 http_request_split_value Function Header Handling DoS

🗓️ 29 Nov 2012 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 36 Views

lighttpd 1.4.31 http_request_split_value Function Header Handling DoS vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today		lighttpd 1.4.31 Denial of Service PoC
21 Nov 201200:00
zdt
FreeBSD		lighttpd -- remote DoS in header parsing
17 Nov 201200:00
freebsd
Amazon		Medium: lighttpd
11 Apr 201300:00
amazon
Tenable Nessus		Amazon Linux AMI : lighttpd (ALAS-2013-179)
4 Sep 201300:00
nessus
Tenable Nessus		Fedora 18 : lighttpd-1.4.32-1.fc18 (2013-15344)
4 Sep 201300:00
nessus
Tenable Nessus		Fedora 19 : lighttpd-1.4.32-1.fc19 (2013-15345)
4 Sep 201300:00
nessus
Tenable Nessus		FreeBSD : lighttpd -- remote DoS in header parsing (1cd3ca42-33e6-11e2-a255-5404a67eef98)
23 Nov 201200:00
nessus
Tenable Nessus		GLSA-201406-10 : lighttpd: Multiple vulnerabilities
16 Jun 201400:00
nessus
Tenable Nessus		Mandriva Linux Security Advisory : lighttpd (MDVSA-2013:100)
20 Apr 201300:00
nessus
Tenable Nessus		openSUSE Security Update : lighttpd (openSUSE-SU-2012:1532-1)
13 Jun 201400:00
nessus
Rows per page
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(63094);
  script_version("1.10");
  script_cvs_date("Date: 2018/07/12 19:01:16");

  script_cve_id("CVE-2012-5533");
  script_bugtraq_id(56619);
  script_xref(name:"EDB-ID", value:"22902");

  script_name(english:"lighttpd 1.4.31 http_request_split_value Function Header Handling DoS");
  script_summary(english:"Checks version in Server response header.");
 
  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a denial of service
vulnerability.");
 script_set_attribute(attribute:"description", value:
"According to its banner, the version of lighttpd running on the remote
host is 1.4.31. It is, therefore, affected by a denial of service
vulnerability. An error in the http_request_split_value() function in
'src/request.c' can cause the application to enter an endless loop
when handling specially crafted 'Connection' header requests.

Note that Nessus has not tested for this issue but has instead relied
only on the version in the server's banner.");
  script_set_attribute(attribute:"see_also", value:"http://www.lighttpd.net/2012/11/21/1-4-32/");
  script_set_attribute(attribute:"see_also", value:"http://redmine.lighttpd.net/issues/2413");
  script_set_attribute(attribute:"see_also", value:"http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt");
  # Patch download
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5d138340");
  script_set_attribute(attribute:"solution", value:
"Upgrade to lighttpd version 1.4.32 or later. Alternatively, apply the
vendor-supplied patch.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");


  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/29");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:lighttpd:lighttpd");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");
  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("lighttpd_detect.nasl");
  script_require_keys("installed_sw/lighttpd", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80);
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("vcf.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

appname = "lighttpd";
get_install_count(app_name:appname, exit_if_zero:TRUE);
port = get_http_port(default:80);
app_info = vcf::get_app_info(app:appname, port:port, webapp:TRUE);

vcf::check_granularity(app_info:app_info, sig_segments:3);

constraints = [{"fixed_version":"1.4.32"}];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Jul 2018 19:01Current
5.4Medium risk
Vulners AI Score5.4
CVSS 25
EPSS0.37913
lighttpdversion 1.4.31denial of service
36