Lucene search

[email protected]NVD:CVE-2008-4298

HistorySep 27, 2008 - 10:30 a.m.

CVE-2008-4298

2008-09-2710:30:03

CWE-399

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

High

0.111 Low

EPSS

Percentile

95.2%

JSON

Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.

Affected configurations

NVD

Node

lighttpdlighttpdRange≤1.4.19

lighttpdlighttpdMatch1.1.1

lighttpdlighttpdMatch1.1.2

lighttpdlighttpdMatch1.1.3

lighttpdlighttpdMatch1.1.4

lighttpdlighttpdMatch1.1.5

lighttpdlighttpdMatch1.1.6

lighttpdlighttpdMatch1.1.7

lighttpdlighttpdMatch1.1.8

lighttpdlighttpdMatch1.1.9

lighttpdlighttpdMatch1.2.1

lighttpdlighttpdMatch1.2.2

lighttpdlighttpdMatch1.2.3

lighttpdlighttpdMatch1.2.4

lighttpdlighttpdMatch1.2.5

lighttpdlighttpdMatch1.2.6

lighttpdlighttpdMatch1.2.7

lighttpdlighttpdMatch1.2.8

lighttpdlighttpdMatch1.3.0

lighttpdlighttpdMatch1.3.1

lighttpdlighttpdMatch1.3.2

lighttpdlighttpdMatch1.3.3

lighttpdlighttpdMatch1.3.4

lighttpdlighttpdMatch1.3.5

lighttpdlighttpdMatch1.3.6

lighttpdlighttpdMatch1.3.7

lighttpdlighttpdMatch1.3.8

lighttpdlighttpdMatch1.3.9

lighttpdlighttpdMatch1.3.10

lighttpdlighttpdMatch1.3.11

lighttpdlighttpdMatch1.3.12

lighttpdlighttpdMatch1.3.13

lighttpdlighttpdMatch1.3.14

lighttpdlighttpdMatch1.3.15

lighttpdlighttpdMatch1.3.16

lighttpdlighttpdMatch1.4.0

lighttpdlighttpdMatch1.4.1

lighttpdlighttpdMatch1.4.2

lighttpdlighttpdMatch1.4.3

lighttpdlighttpdMatch1.4.4

lighttpdlighttpdMatch1.4.5

lighttpdlighttpdMatch1.4.6

lighttpdlighttpdMatch1.4.7

lighttpdlighttpdMatch1.4.8

lighttpdlighttpdMatch1.4.9

lighttpdlighttpdMatch1.4.10

lighttpdlighttpdMatch1.4.11

lighttpdlighttpdMatch1.4.12

lighttpdlighttpdMatch1.4.13

lighttpdlighttpdMatch1.4.14

lighttpdlighttpdMatch1.4.15

lighttpdlighttpdMatch1.4.16

lighttpdlighttpdMatch1.4.17

lighttpdlighttpdMatch1.4.18

References

bugs.gentoo.org/show_bug.cgi?id=238180

lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

secunia.com/advisories/32069

secunia.com/advisories/32132

secunia.com/advisories/32480

secunia.com/advisories/32834

secunia.com/advisories/32972

security.gentoo.org/glsa/glsa-200812-04.xml

trac.lighttpd.net/trac/changeset/2305

trac.lighttpd.net/trac/ticket/1774

wiki.rpath.com/Advisories:rPSA-2008-0309

wiki.rpath.com/wiki/Advisories:rPSA-2008-0309

www.debian.org/security/2008/dsa-1645

www.lighttpd.net/security/lighttpd_sa_2008_07.txt

www.openwall.com/lists/oss-security/2008/09/26/5

www.securityfocus.com/archive/1/497932/100/0/threaded

www.securityfocus.com/bid/31434

www.vupen.com/english/advisories/2008/2741

exchange.xforce.ibmcloud.com/vulnerabilities/45471

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

High

0.111 Low

EPSS

Percentile

95.2%

JSON

Related for NVD:CVE-2008-4298

prion1 cvelist1 debiancve1 cve1 ubuntucve1 nessus7 fedora1 debian1 gentoo1 openvas7 securityvulns2 freebsd1 osv1 ibm1