5

CVE-2008-4298

Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LighttpdLighttpd Version <= 1.4.19
LighttpdLighttpd Version1.1.1
LighttpdLighttpd Version1.1.2
LighttpdLighttpd Version1.1.3
LighttpdLighttpd Version1.1.4
LighttpdLighttpd Version1.1.5
LighttpdLighttpd Version1.1.6
LighttpdLighttpd Version1.1.7
LighttpdLighttpd Version1.1.8
LighttpdLighttpd Version1.1.9
LighttpdLighttpd Version1.2.1
LighttpdLighttpd Version1.2.2
LighttpdLighttpd Version1.2.3
LighttpdLighttpd Version1.2.4
LighttpdLighttpd Version1.2.5
LighttpdLighttpd Version1.2.6
LighttpdLighttpd Version1.2.7
LighttpdLighttpd Version1.2.8
LighttpdLighttpd Version1.3.0
LighttpdLighttpd Version1.3.1
LighttpdLighttpd Version1.3.2
LighttpdLighttpd Version1.3.3
LighttpdLighttpd Version1.3.4
LighttpdLighttpd Version1.3.5
LighttpdLighttpd Version1.3.6
LighttpdLighttpd Version1.3.7
LighttpdLighttpd Version1.3.8
LighttpdLighttpd Version1.3.9
LighttpdLighttpd Version1.3.10
LighttpdLighttpd Version1.3.11
LighttpdLighttpd Version1.3.12
LighttpdLighttpd Version1.3.13
LighttpdLighttpd Version1.3.14
LighttpdLighttpd Version1.3.15
LighttpdLighttpd Version1.3.16
LighttpdLighttpd Version1.4.0
LighttpdLighttpd Version1.4.1
LighttpdLighttpd Version1.4.2
LighttpdLighttpd Version1.4.3
LighttpdLighttpd Version1.4.4
LighttpdLighttpd Version1.4.5
LighttpdLighttpd Version1.4.6
LighttpdLighttpd Version1.4.7
LighttpdLighttpd Version1.4.8
LighttpdLighttpd Version1.4.9
LighttpdLighttpd Version1.4.10
LighttpdLighttpd Version1.4.11
LighttpdLighttpd Version1.4.12
LighttpdLighttpd Version1.4.13
LighttpdLighttpd Version1.4.14
LighttpdLighttpd Version1.4.15
LighttpdLighttpd Version1.4.16
LighttpdLighttpd Version1.4.17
LighttpdLighttpd Version1.4.18
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.53% 0.877
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://secunia.com/advisories/32834
http://bugs.gentoo.org/show_bug.cgi?id=238180
http://secunia.com/advisories/32069
http://secunia.com/advisories/32132
http://secunia.com/advisories/32480
http://secunia.com/advisories/32972
http://security.gentoo.org/glsa/glsa-200812-04.xml
http://trac.lighttpd.net/trac/changeset/2305
http://trac.lighttpd.net/trac/ticket/1774
Patch
http://wiki.rpath.com/Advisories:rPSA-2008-0309
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309
http://www.debian.org/security/2008/dsa-1645
http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
http://www.openwall.com/lists/oss-security/2008/09/26/5
http://www.securityfocus.com/archive/1/497932/100/0/threaded
http://www.securityfocus.com/bid/31434
http://www.vupen.com/english/advisories/2008/2741
https://exchange.xforce.ibmcloud.com/vulnerabilities/45471