📄 Lighttpd 1.4.66 FastCGI Resource Exhaustion

Proof of concept exploit for a resource exhaustion vulnerability that exists in lighttpd versions 1.4.56 through 1.4.66 affecting FastCGI and other gateway backends. When processing HTTP/1.1 requests using chunked transfer encoding with request-body streaming enabled, an anomalous client disconne...

Lighttpd 1.4.56 - 1.4.66 Resource Leak Denial of Service PoC

Summary lighttpd pronounced /lighty/ is a secure, fast, compliant, and very flexible web server that has been optimized for high-performance environments. lighttpd uses memory and CPU efficiently and has lower resource use than other popular web servers. Its advanced feature-set FastCGI, CGI, Aut...

📄 Lighttpd 1.4.66 Resource Leak Denial of Service

Lighttpd versions 1.4.56 through 1.4.66 has a resource exhaustion vulnerability affecting gateway backends such as FastCGI. When handling an HTTP/1.1 request with chunked transfer encoding and request-body streaming enabled, lighttpd mishandles an anomalous client disconnect RDHUP / half-closed T...

A flaw was found in Ceph relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW causing a denial of service.

...

AZL-38998 CVE-2022-3854 affecting package ceph for versions less than 18.2.1-1

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service...

UBUNTU-CVE-2022-3854

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service...