Lucene search

PRIOn knowledge basePRION:CVE-2007-1869

HistoryApr 18, 2007 - 3:19 a.m.

Design/Logic Flaw

2007-04-1803:19:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

High

0.222 Low

EPSS

Percentile

96.5%

JSON

lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.

CPENameOperatorVersion
lighttpdeq1.4.12
lighttpdeq1.4.13

CPE	Name	Operator	Version
	lighttpd	eq	1.4.12
	lighttpd	eq	1.4.13

References

secunia.com/advisories/24886

secunia.com/advisories/24947

secunia.com/advisories/24995

secunia.com/advisories/25166

secunia.com/advisories/25613

security.gentoo.org/glsa/glsa-200705-07.xml

www.debian.org/security/2007/dsa-1303

www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt

www.novell.com/linux/security/advisories/2007_007_suse.html

www.securityfocus.com/archive/1/466464/30/6900/threaded

www.securityfocus.com/bid/23515

www.vupen.com/english/advisories/2007/1399

exchange.xforce.ibmcloud.com/vulnerabilities/33671

issues.rpath.com/browse/RPL-1218