15 matches found
SUSE CVE-2010-0295
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service memory consumption by breaking a request into small pieces that are sent at a slow rate...
CVE-2010-0295
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service memory consumption by breaking a request into small pieces that are sent at a slow rate...
Oracle Solaris Third-Party Patch Update : lighttpd (cve_2014_2469_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service memory consumption by breaking a request into...
Gentoo Security Advisory GLSA 201006-17 (lighttpd)
The remote host is missing updates announced in advisory GLSA 201006-17. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Fedora 12 : lighttpd-1.4.26-2.fc12 (2010-7643)
Update lighttpd to the latest version of the 1.4 branch, with the spawn-fcgi program split out for the first time on EL. This fixes CVE-2010-0295 and also includes a fix for upstream bug 2157 where SSL stopped working with RHEL 5.4. Note that Tenable Network Security has extracted the preceding...
Fedora 11 : lighttpd-1.4.26-2.fc11 (2010-7636)
Update lighttpd to the latest version of the 1.4 branch, with the spawn-fcgi program split out for the first time on EL. This fixes CVE-2010-0295 and also includes a fix for upstream bug 2157 where SSL stopped working with RHEL 5.4. Note that Tenable Network Security has extracted the preceding...
Fedora Update for lighttpd FEDORA-2010-7636
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
FreeBSD Ports: lighttpd
The remote host is missing an update to the system as announced in the referenced advisory. VID 1a3bd81f-1b25-11df-bd1a-002170daae37 OpenVAS Vulnerability Test $ Description: Auto generated from VID 1a3bd81f-1b25-11df-bd1a-002170daae37 Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...
FreeBSD Ports: lighttpd
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
openSUSE Security Update : lighttpd (lighttpd-1914)
This update fixes a denial of service vulnerability in lighttpd that can be triggers using slow requests. CVE-2010-0295 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update lighttpd-1914. The text...
openSUSE Security Update : lighttpd (lighttpd-1914)
This update fixes a denial of service vulnerability in lighttpd that can be triggers using slow requests. CVE-2010-0295 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update lighttpd-1914. The text...
lighttpd畸形HTTP请求远程拒绝服务漏洞
BUGTRAQ ID: 38036 CVE ID: CVE-2010-0295 Lighttpd是一款轻型的开放源码Web Server软件包。 Lighttpd服务器每次接收到网络报文都会分配4K或16K的堆内存,如果远程攻击者缓慢的发送HTTP请求(如每秒钟发送1字节),就会耗尽所有可用内存导致服务器终止。 LightTPD LightTPD 1.5 LightTPD LightTPD 1.4.x 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1987-1)以及相应补丁: DSA-1987-1:lighttpd -- denial of...
CVE-2010-0295
CVE-2010-0295 affects lighttpd 1.4.26 and 1.5.x, where a buffer is allocated per read operation for a request, enabling a remote attacker to cause memory consumption/DoS by sending a request in small pieces slowly. Connected sources (IBM IMM bulletin, Nessus/SEC advisories) confirm this vulnerabi...
[SECURITY] [DSA 1987-1] New lighttpd packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA-1987-1 [email protected] http://www.debian.org/security/ Nico Golde February 2nd, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1987-1] New lighttpd packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1987-1 [email protected] http://www.debian.org/security/ Nico Golde February 2nd, 2010 http://www.debian.org/security/faq -...