CVSS: 7.5EPSS: 8%CPEs: 5EXPL: 7CVE-2011-4362 – lighttpd - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2011-4362
24 Dec 2011 — Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. Error de signo de entero en la función base64_decode en la funcionalidad de autenticación HTTP (http_auth.c) en lighttpd v1.4 anterior a v1.4.30 y v1.5 antes de la revisión SVN 2806... • https://www.exploit-db.com/exploits/18295 •
CVSS: 7.5EPSS: 9%CPEs: 62EXPL: 2CVE-2010-0295 – lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-0295
03 Feb 2010 — lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate. lighttpd anterior a v1.4.26 y v1.5.x, reserva un búfer por cada operación de lectura para cada petición, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) rompiendo la petición en pequeños pedazos que son enviados a... • https://www.exploit-db.com/exploits/33591 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 19%CPEs: 3EXPL: 0CVE-2008-1531
https://notcve.org/view.php?id=CVE-2008-1531
27 Mar 2008 — The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. La función connection_state_machine (connections.c) en lighttpd versión 1.4.19 y anteriores, y versión 1.5.x anterior a 1.5.0, permite a los atacantes remotos generar una denegación de s... • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html •