Page 5 of 28 results (0.010 seconds)

CVSS: 4.3EPSS: 6%CPEs: 1EXPL: 0

lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules. lighttpd 1.4.15, cuando funciona bajo plataformas de 32 bits, permite a atacantes remotos provocar denegación de servicio (caida de demonio) a través de vectores no especificados afectando al uso de especificaciones de formatos incompatibles en ciertos mensajes de depuración en los módulos (1) mod_scgi, (2) mod_fastcgi, y (3) mod_webdav. • http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593 http://security.gentoo.org/glsa/glsa-200708-11.xml http://securityreason.com/securityalert/2909 http://trac.lighttpd.net/trac/changeset/1882 http://trac.lighttpd.net/trac/ticket/1263 http://www.debian.org/security/2007/dsa-1362 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/archive/1& •

CVSS: 4.3EPSS: 14%CPEs: 1EXPL: 0

connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts. connections.c en lighttpd anterior 1.4.16 podría aceptar mas conexiones que el máximo configurado, lo cual permite a atacantes remotos provocar denegación de servicio (fallo de afirmación) a través de un gran número de intentos de conexión. • http://osvdb.org/38312 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/31104 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/changeset/1873 http://trac.lighttpd.net/trac/ticket/1216 http://www.debian.org/security/2008/dsa-1609 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/archive/1/474131/100/0 •

CVSS: 5.8EPSS: 15%CPEs: 1EXPL: 1

request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault. request.c en lighttpd 1.4.15 permite a atacantes remotos provocar denegación de servicio (caida de demonio) a través del envío de una respuesta HTTP con cabeceras duplicadas, como se demostró con una respuesta que contiene dos lineas de cabecera Location, el cual deriva en un fallo de segmentación. • https://www.exploit-db.com/exploits/30322 http://osvdb.org/38313 http://secunia.com/advisories/26130 http://secunia.com/advisories/26158 http://secunia.com/advisories/26505 http://secunia.com/advisories/26593 http://security.gentoo.org/glsa/glsa-200708-11.xml http://trac.lighttpd.net/trac/changeset/1869 http://trac.lighttpd.net/trac/ticket/1232 http://www.debian.org/security/2007/dsa-1362 http://www.novell.com/linux/security/advisories/2007_15_sr.html http:/& •

CVSS: 5.0EPSS: 22%CPEs: 2EXPL: 0

lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. lighttpd 1.4.12 y 1.4.13 permite a atacantes remotos provocar una denegación de servicio (consumo de recursos y cpu) desconectando cuando lighttpd está analizando secuencias CRLF, lo cual provoca un bucle infinito y el consumo de descriptor de fichero. • http://secunia.com/advisories/24886 http://secunia.com/advisories/24947 http://secunia.com/advisories/24995 http://secunia.com/advisories/25166 http://secunia.com/advisories/25613 http://security.gentoo.org/glsa/glsa-200705-07.xml http://www.debian.org/security/2007/dsa-1303 http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.securityfocus.com/archive/1/466464/30/6900/threaded •

CVSS: 7.8EPSS: 5%CPEs: 30EXPL: 0

lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. lighttpd anterior a 1.4.14 permite a atacantes provocar una denegación de servicio (caída) mediante una petición a un fichero cuyo mtime es 0, lo cual resulta en una referencia a puntero nulo. • http://secunia.com/advisories/24886 http://secunia.com/advisories/24947 http://secunia.com/advisories/24995 http://secunia.com/advisories/25166 http://secunia.com/advisories/25613 http://security.gentoo.org/glsa/glsa-200705-07.xml http://www.debian.org/security/2007/dsa-1303 http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.securityfocus.com/archive/1/466464/30/6900/threaded •