CVE-2022-41556
https://notcve.org/view.php?id=CVE-2022-41556
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67. Un filtrado de recursos en el archivo gw_backend.c en lighttpd versiones 1.4.56 hasta 1.4.66, podría conllevar a una denegación de servicio (agotamiento de la ranura de conexión) después de una gran cantidad de comportamiento TCP anómalo por parte de los clientes. • https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67 https://github.com/lighttpd/lighttpd1.4/pull/115 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVOSBSCMLGCHH2Z74H64ZWVDFJFQTBC2 https://security.gentoo.org/glsa/202210-12 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2022-37797
https://notcve.org/view.php?id=CVE-2022-37797
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. En lighttpd 1.4.65, la función mod_wstunnel no inicializa un puntero de función de manejador si es recibida una petición HTTP no válida (websocket handshake). Esto conlleva a una desreferencia de puntero null que hace que el servidor sea bloqueado. • https://lists.debian.org/debian-lts-announce/2022/10/msg00002.html https://redmine.lighttpd.net/issues/3165 https://security.gentoo.org/glsa/202210-12 https://www.debian.org/security/2022/dsa-5243 • CWE-476: NULL Pointer Dereference •
CVE-2011-4362 – lighttpd - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2011-4362
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. Error de signo de entero en la función base64_decode en la funcionalidad de autenticación HTTP (http_auth.c) en lighttpd v1.4 anterior a v1.4.30 y v1.5 antes de la revisión SVN 2806 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) a través de una entrada elaborada en base64 provando una lectura "fuera de los límites" (out-of-bounds)con un índice negativo. • https://www.exploit-db.com/exploits/18295 http://archives.neohapsis.com/archives/bugtraq/2011-12/0167.html http://blog.pi3.com.pl/?p=277 http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt http://jvn.jp/en/jp/JVN37417423/index.html http://redmine.lighttpd.net/issues/2370 http://secunia.com/advisories/47260 http://www.debian.org/security/2011/dsa-2368 http://www.exploit-db.com/exploits/18295 http://www.openwall.com/lists/oss-security/2011/ •
CVE-2010-0295 – lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-0295
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate. lighttpd anterior a v1.4.26 y v1.5.x, reserva un búfer por cada operación de lectura para cada petición, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) rompiendo la petición en pequeños pedazos que son enviados a baja velocidad. • https://www.exploit-db.com/exploits/33591 http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patch http://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patch http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May • CWE-399: Resource Management Errors •
CVE-2008-1531
https://notcve.org/view.php?id=CVE-2008-1531
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost. La función connection_state_machine (connections.c) en lighttpd versión 1.4.19 y anteriores, y versión 1.5.x anterior a 1.5.0, permite a los atacantes remotos generar una denegación de servicio (pérdida de conexión SSL activa) al activar un error SSL, como desconectarse antes que una descarga ha finalizado, lo que hace que todas las conexiones SSL activas se pierdan. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/29505 http://secunia.com/advisories/29544 http://secunia.com/advisories/29636 http://secunia.com/advisories/29649 http://secunia.com/advisories/30023 http://security.gentoo.org/glsa/glsa-200804-08.xml http://trac.lighttpd.net/trac/changeset/2136 http://trac.lighttpd.net/trac/changeset/2139 http://trac.lighttpd.net/trac/changeset/2140 http://trac.lighttpd.net/trac/ticket •