CVE-2011-4362 – lighttpd - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2011-4362
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. Error de signo de entero en la función base64_decode en la funcionalidad de autenticación HTTP (http_auth.c) en lighttpd v1.4 anterior a v1.4.30 y v1.5 antes de la revisión SVN 2806 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) a través de una entrada elaborada en base64 provando una lectura "fuera de los límites" (out-of-bounds)con un índice negativo. • https://www.exploit-db.com/exploits/18295 http://archives.neohapsis.com/archives/bugtraq/2011-12/0167.html http://blog.pi3.com.pl/?p=277 http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt http://jvn.jp/en/jp/JVN37417423/index.html http://redmine.lighttpd.net/issues/2370 http://secunia.com/advisories/47260 http://www.debian.org/security/2011/dsa-2368 http://www.exploit-db.com/exploits/18295 http://www.openwall.com/lists/oss-security/2011/ •
CVE-2010-0295 – lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-0295
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate. lighttpd anterior a v1.4.26 y v1.5.x, reserva un búfer por cada operación de lectura para cada petición, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) rompiendo la petición en pequeños pedazos que son enviados a baja velocidad. • https://www.exploit-db.com/exploits/33591 http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patch http://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patch http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May • CWE-399: Resource Management Errors •
CVE-2008-4360
https://notcve.org/view.php?id=CVE-2008-4360
mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files. mod_userdir de lighttpd versiones anteriores a v1.4.20, cuando un sistema operativo insensible a mayúsculas o minúsculas o sistemas de ficheros son utilizados, realiza comparaciones entre mayúsculas y minúsculas en componentes de nombres de ficheros en las opciones de configuración, lo cual puede permitir a atacantes remotos evitar restricciones de acceso intencionadas, como lo demostrado por un fichero .PHP cuando hay una regla de configuración de ficheros .php. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://openwall.com/lists/oss-security/2008/09/30/1 http://openwall.com/lists/oss-security/2008/09/30/2 http://openwall.com/lists/oss-security/2008/09/30/3 http://secunia.com/advisories/32069 http://secunia.com/advisories/32132 http://secunia.com/advisories/32480 http://secunia.com/advisories/32834 http://secunia.com/advisories/32972 http://security.gentoo.org/glsa/glsa-200812-04.xml http& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-4359
https://notcve.org/view.php?id=CVE-2008-4359
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data. lighttpd versiones anteriores a v1.4.20 compara URIs con patrones en los ajustes de configuración (1) url.redirect y (2) url.rewrite antes de realizar la decodificación de URL, lo cual puede permitir a atacantes remotos evitar restricciones de acceso intencionado, y obtener información sensible o posiblemente modificar datos. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://openwall.com/lists/oss-security/2008/09/30/1 http://openwall.com/lists/oss-security/2008/09/30/2 http://openwall.com/lists/oss-security/2008/09/30/3 http://secunia.com/advisories/32069 http://secunia.com/advisories/32132 http://secunia.com/advisories/32480 http://secunia.com/advisories/32834 http://secunia.com/advisories/32972 http://security.gentoo.org/glsa/glsa-200812-04.xml http& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-4298
https://notcve.org/view.php?id=CVE-2008-4298
Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers. Fugas de memoria en la función http_request_parse en request.c en lighttpd anteriores a v1.4.20 permite a atacantes remotos causar denegación de servicio (corrupción de memoria) a través de un gran número de peticiones con cabeceras de peticiones duplicadas. • http://bugs.gentoo.org/show_bug.cgi?id=238180 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/32069 http://secunia.com/advisories/32132 http://secunia.com/advisories/32480 http://secunia.com/advisories/32834 http://secunia.com/advisories/32972 http://security.gentoo.org/glsa/glsa-200812-04.xml http://trac.lighttpd.net/trac/changeset/2305 http://trac.lighttpd.net/trac/ticket/1774 http://wiki.rpath.com/Advisories:rPS • CWE-399: Resource Management Errors •