NotCVE - vendor:"Lighttpd" product:"Lighttpd" version:"1.5.0"

2 results (0.004 seconds)

CVSS: 5.0EPSS: 2%CPEs: 5EXPL: 7

CVE-2011-4362 – lighttpd - Denial of Service (PoC)

https://notcve.org/view.php?id=CVE-2011-4362

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. Error de signo de entero en la función base64_decode en la funcionalidad de autenticación HTTP (http_auth.c) en lighttpd v1.4 anterior a v1.4.30 y v1.5 antes de la revisión SVN 2806 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) a través de una entrada elaborada en base64 provando una lectura "fuera de los límites" (out-of-bounds)con un índice negativo. • https://www.exploit-db.com/exploits/18295 http://archives.neohapsis.com/archives/bugtraq/2011-12/0167.html http://blog.pi3.com.pl/?p=277 http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt http://jvn.jp/en/jp/JVN37417423/index.html http://redmine.lighttpd.net/issues/2370 http://secunia.com/advisories/47260 http://www.debian.org/security/2011/dsa-2368 http://www.exploit-db.com/exploits/18295 http://www.openwall.com/lists/oss-security/2011/ •

CVSS: 5.0EPSS: 7%CPEs: 62EXPL: 2

CVE-2010-0295 – lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service

https://notcve.org/view.php?id=CVE-2010-0295

lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate. lighttpd anterior a v1.4.26 y v1.5.x, reserva un búfer por cada operación de lectura para cada petición, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) rompiendo la petición en pequeños pedazos que son enviados a baja velocidad. • https://www.exploit-db.com/exploits/33591 http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patch http://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patch http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May • CWE-399: Resource Management Errors •