CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41556 – Debian Security Advisory 5243-1
https://notcve.org/view.php?id=CVE-2022-41556
28 Sep 2022 — A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67. Un filtrado de recursos en el archivo gw_backend.c en lighttpd versiones 1.4.56 hasta 1.4.66, podría conllevar a una denegación de servicio (agotamiento de la ranura de conexión)... • https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 75%CPEs: 3EXPL: 3CVE-2022-30780
https://notcve.org/view.php?id=CVE-2022-30780
11 Jun 2022 — Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. Lighttpd versiones 1.4.56 hasta 1.4.58, permite a un atacante remoto causar una denegación de servicio (consumo de CPU por conexiones atascadas) porque la función connection_read_header_more en el archivo connections.c presenta una errata que interrumpe el u... • https://github.com/p0dalirius/CVE-2022-30780-lighttpd-denial-of-service • CWE-682: Incorrect Calculation •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22707 – Ubuntu Security Notice USN-5903-1
https://notcve.org/view.php?id=CVE-2022-22707
06 Jan 2022 — In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. En lighttpd versiones 1.4.46 hasta 1.4.63, la función mod_extforward_Forwarde... • https://redmine.lighttpd.net/issues/3134 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 4%CPEs: 5EXPL: 8CVE-2011-4362 – lighttpd - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2011-4362
21 Dec 2011 — Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. Error de signo de entero en la función base64_decode en la funcionalidad de autenticación HTTP (http_auth.c) en lighttpd v1.4 anterior a v1.4.30 y v1.5 antes de la revisión SVN 2806... • https://packetstorm.news/files/id/108155 •
CVSS: 7.5EPSS: 5%CPEs: 62EXPL: 2CVE-2010-0295 – lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-0295
03 Feb 2010 — lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate. lighttpd anterior a v1.4.26 y v1.5.x, reserva un búfer por cada operación de lectura para cada petición, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) rompiendo la petición en pequeños pedazos que son enviados a... • https://www.exploit-db.com/exploits/33591 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2008-1531 – Debian Linux Security Advisory 1540-2
https://notcve.org/view.php?id=CVE-2008-1531
27 Mar 2008 — The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. La función connection_state_machine (connections.c) en lighttpd versión 1.4.19 y anteriores, y versión 1.5.x anterior a 1.5.0, permite a los atacantes remotos generar una denegación de s... • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html •