Vulnerability Details CVE-2007-1869
lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.059
EPSS Ranking 90.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/24886
- http://secunia.com/advisories/24947
- http://secunia.com/advisories/24995
- http://secunia.com/advisories/25166
- http://secunia.com/advisories/25613
- http://security.gentoo.org/glsa/glsa-200705-07.xml
- http://www.debian.org/security/2007/dsa-1303
- http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt
- http://www.novell.com/linux/security/advisories/2007_007_suse.html
- http://www.securityfocus.com/archive/1/466464/30/6900/threaded
- http://www.securityfocus.com/bid/23515
- http://www.vupen.com/english/advisories/2007/1399
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33671
- https://issues.rpath.com/browse/RPL-1218
- http://secunia.com/advisories/24886
- http://secunia.com/advisories/24947
- http://secunia.com/advisories/24995
- http://secunia.com/advisories/25166
- http://secunia.com/advisories/25613
- http://security.gentoo.org/glsa/glsa-200705-07.xml
- http://www.debian.org/security/2007/dsa-1303
- http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt
- http://www.novell.com/linux/security/advisories/2007_007_suse.html
- http://www.securityfocus.com/archive/1/466464/30/6900/threaded
- http://www.securityfocus.com/bid/23515
- http://www.vupen.com/english/advisories/2007/1399
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33671
- https://issues.rpath.com/browse/RPL-1218