Vulnerability Details CVE-2013-4560
Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.133
EPSS Ranking 93.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt
- http://jvn.jp/en/jp/JVN37417423/index.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html
- http://marc.info/?l=bugtraq&m=141576815022399&w=2
- http://secunia.com/advisories/55682
- http://www.openwall.com/lists/oss-security/2013/11/12/4
- https://www.debian.org/security/2013/dsa-2795
- http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt
- http://jvn.jp/en/jp/JVN37417423/index.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html
- http://marc.info/?l=bugtraq&m=141576815022399&w=2
- http://secunia.com/advisories/55682
- http://www.openwall.com/lists/oss-security/2013/11/12/4
- https://www.debian.org/security/2013/dsa-2795
Products affected by CVE-2013-4560
-
cpe:2.3:a:lighttpd:lighttpd:1.3.11
-
cpe:2.3:a:lighttpd:lighttpd:1.3.12
-
cpe:2.3:a:lighttpd:lighttpd:1.3.13
-
cpe:2.3:a:lighttpd:lighttpd:1.3.14
-
cpe:2.3:a:lighttpd:lighttpd:1.3.15
-
cpe:2.3:a:lighttpd:lighttpd:1.3.16
-
cpe:2.3:a:lighttpd:lighttpd:1.4.1
-
cpe:2.3:a:lighttpd:lighttpd:1.4.10
-
cpe:2.3:a:lighttpd:lighttpd:1.4.11
-
cpe:2.3:a:lighttpd:lighttpd:1.4.12
-
cpe:2.3:a:lighttpd:lighttpd:1.4.13
-
cpe:2.3:a:lighttpd:lighttpd:1.4.14
-
cpe:2.3:a:lighttpd:lighttpd:1.4.15
-
cpe:2.3:a:lighttpd:lighttpd:1.4.16
-
cpe:2.3:a:lighttpd:lighttpd:1.4.17
-
cpe:2.3:a:lighttpd:lighttpd:1.4.18
-
cpe:2.3:a:lighttpd:lighttpd:1.4.19
-
cpe:2.3:a:lighttpd:lighttpd:1.4.2
-
cpe:2.3:a:lighttpd:lighttpd:1.4.20
-
cpe:2.3:a:lighttpd:lighttpd:1.4.21
-
cpe:2.3:a:lighttpd:lighttpd:1.4.22
-
cpe:2.3:a:lighttpd:lighttpd:1.4.23
-
cpe:2.3:a:lighttpd:lighttpd:1.4.24
-
cpe:2.3:a:lighttpd:lighttpd:1.4.25
-
cpe:2.3:a:lighttpd:lighttpd:1.4.26
-
cpe:2.3:a:lighttpd:lighttpd:1.4.27
-
cpe:2.3:a:lighttpd:lighttpd:1.4.28
-
cpe:2.3:a:lighttpd:lighttpd:1.4.29
-
cpe:2.3:a:lighttpd:lighttpd:1.4.3
-
cpe:2.3:a:lighttpd:lighttpd:1.4.30
-
cpe:2.3:a:lighttpd:lighttpd:1.4.31
-
cpe:2.3:a:lighttpd:lighttpd:1.4.32
-
cpe:2.3:a:lighttpd:lighttpd:1.4.4
-
cpe:2.3:a:lighttpd:lighttpd:1.4.5
-
cpe:2.3:a:lighttpd:lighttpd:1.4.6
-
cpe:2.3:a:lighttpd:lighttpd:1.4.7
-
cpe:2.3:a:lighttpd:lighttpd:1.4.8
-
cpe:2.3:a:lighttpd:lighttpd:1.4.9
-
cpe:2.3:o:debian:debian_linux:6.0
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:opensuse:opensuse:12.2
-
cpe:2.3:o:opensuse:opensuse:12.3
-
cpe:2.3:o:opensuse:opensuse:13.1