Lucene search

K
osvGoogleOSV:DSA-1303-1
HistoryJun 10, 2007 - 12:00 a.m.

lighttpd - denial of service

2007-06-1000:00:00
Google
osv.dev
4

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.222 Low

EPSS

Percentile

96.5%

Two problems were discovered with lighttpd, a fast webserver with
minimal memory footprint, which could allow denial of service.
The Common Vulnerabilities and Exposures project identifies the
following problems:

  • CVE-2007-1869
    Remote attackers could cause denial of service by disconnecting
    partway through making a request.
  • CVE-2007-1870
    A NULL pointer dereference could cause a crash when serving files
    with a mtime of 0.

For the stable distribution (etch) these problems have been fixed in
version 1.4.13-4etch1.

For the unstable distribution (sid) these problems have been fixed in
version 1.4.14-1.

We recommend that you upgrade your lighttpd package.

CPENameOperatorVersion
lighttpdeq1.4.13-4

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.222 Low

EPSS

Percentile

96.5%