5

CVE-2010-0295

Exploit
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LighttpdLighttpd Version <= 1.4.25
LighttpdLighttpd Version1.0.2
LighttpdLighttpd Version1.0.3
LighttpdLighttpd Version1.1.0
LighttpdLighttpd Version1.1.1
LighttpdLighttpd Version1.1.2
LighttpdLighttpd Version1.1.3
LighttpdLighttpd Version1.1.4
LighttpdLighttpd Version1.1.5
LighttpdLighttpd Version1.1.6
LighttpdLighttpd Version1.1.7
LighttpdLighttpd Version1.1.8
LighttpdLighttpd Version1.1.9
LighttpdLighttpd Version1.2.0
LighttpdLighttpd Version1.2.1
LighttpdLighttpd Version1.2.2
LighttpdLighttpd Version1.2.3
LighttpdLighttpd Version1.2.5
LighttpdLighttpd Version1.2.6
LighttpdLighttpd Version1.2.7
LighttpdLighttpd Version1.2.8
LighttpdLighttpd Version1.3.0
LighttpdLighttpd Version1.3.1
LighttpdLighttpd Version1.3.2
LighttpdLighttpd Version1.3.3
LighttpdLighttpd Version1.3.4
LighttpdLighttpd Version1.3.5
LighttpdLighttpd Version1.3.6
LighttpdLighttpd Version1.3.8
LighttpdLighttpd Version1.3.9
LighttpdLighttpd Version1.3.10
LighttpdLighttpd Version1.3.11
LighttpdLighttpd Version1.3.12
LighttpdLighttpd Version1.3.13
LighttpdLighttpd Version1.3.14
LighttpdLighttpd Version1.3.15
LighttpdLighttpd Version1.3.16
LighttpdLighttpd Version1.4.0
LighttpdLighttpd Version1.4.2
LighttpdLighttpd Version1.4.3
LighttpdLighttpd Version1.4.4
LighttpdLighttpd Version1.4.5
LighttpdLighttpd Version1.4.6
LighttpdLighttpd Version1.4.7
LighttpdLighttpd Version1.4.8
LighttpdLighttpd Version1.4.9
LighttpdLighttpd Version1.4.10
LighttpdLighttpd Version1.4.11
LighttpdLighttpd Version1.4.12
LighttpdLighttpd Version1.4.13
LighttpdLighttpd Version1.4.14
LighttpdLighttpd Version1.4.15
LighttpdLighttpd Version1.4.16
LighttpdLighttpd Version1.4.17
LighttpdLighttpd Version1.4.18
LighttpdLighttpd Version1.4.19
LighttpdLighttpd Version1.4.20
LighttpdLighttpd Version1.4.21
LighttpdLighttpd Version1.4.22
LighttpdLighttpd Version1.4.23
LighttpdLighttpd Version1.4.24
LighttpdLighttpd Version1.5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.11% 0.956
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html
http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in
http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patch
Patch
http://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patch
Patch
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041296.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041307.html
http://redmine.lighttpd.net/issues/2147
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2710
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2711
http://secunia.com/advisories/38403
Vendor Advisory
http://secunia.com/advisories/39765
http://security.gentoo.org/glsa/glsa-201006-17.xml
http://www.debian.org/security/2010/dsa-1987
http://www.openwall.com/lists/oss-security/2010/02/01/8
http://www.securityfocus.com/bid/38036
Patch
Exploit
http://www.vupen.com/english/advisories/2011/0172
https://exchange.xforce.ibmcloud.com/vulnerabilities/56038