ID CVE-2007-1870
Summary lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.
References
Vulnerable Configurations
  • lighttpd 1.3.0
    cpe:2.3:a:lighttpd:lighttpd:1.3.0
  • lighttpd 1.3.1
    cpe:2.3:a:lighttpd:lighttpd:1.3.1
  • lighttpd 1.3.2
    cpe:2.3:a:lighttpd:lighttpd:1.3.2
  • lighttpd 1.3.3
    cpe:2.3:a:lighttpd:lighttpd:1.3.3
  • lighttpd 1.3.4
    cpe:2.3:a:lighttpd:lighttpd:1.3.4
  • lighttpd 1.3.5
    cpe:2.3:a:lighttpd:lighttpd:1.3.5
  • lighttpd 1.3.6
    cpe:2.3:a:lighttpd:lighttpd:1.3.6
  • lighttpd 1.3.7
    cpe:2.3:a:lighttpd:lighttpd:1.3.7
  • lighttpd 1.3.8
    cpe:2.3:a:lighttpd:lighttpd:1.3.8
  • lighttpd 1.3.9
    cpe:2.3:a:lighttpd:lighttpd:1.3.9
  • lighttpd 1.3.10
    cpe:2.3:a:lighttpd:lighttpd:1.3.10
  • lighttpd 1.3.11
    cpe:2.3:a:lighttpd:lighttpd:1.3.11
  • lighttpd 1.3.12
    cpe:2.3:a:lighttpd:lighttpd:1.3.12
  • lighttpd 1.3.13
    cpe:2.3:a:lighttpd:lighttpd:1.3.13
  • lighttpd 1.3.14
    cpe:2.3:a:lighttpd:lighttpd:1.3.14
  • lighttpd 1.3.15
    cpe:2.3:a:lighttpd:lighttpd:1.3.15
  • lighttpd 1.3.16
    cpe:2.3:a:lighttpd:lighttpd:1.3.16
  • lighttpd 1.4.0
    cpe:2.3:a:lighttpd:lighttpd:1.4.0
  • lighttpd 1.4.1
    cpe:2.3:a:lighttpd:lighttpd:1.4.1
  • lighttpd 1.4.2
    cpe:2.3:a:lighttpd:lighttpd:1.4.2
  • lighttpd 1.4.3
    cpe:2.3:a:lighttpd:lighttpd:1.4.3
  • lighttpd 1.4.4
    cpe:2.3:a:lighttpd:lighttpd:1.4.4
  • lighttpd 1.4.5
    cpe:2.3:a:lighttpd:lighttpd:1.4.5
  • lighttpd 1.4.6
    cpe:2.3:a:lighttpd:lighttpd:1.4.6
  • lighttpd 1.4.7
    cpe:2.3:a:lighttpd:lighttpd:1.4.7
  • lighttpd 1.4.8
    cpe:2.3:a:lighttpd:lighttpd:1.4.8
  • lighttpd 1.4.9
    cpe:2.3:a:lighttpd:lighttpd:1.4.9
  • lighttpd 1.4.10
    cpe:2.3:a:lighttpd:lighttpd:1.4.10
  • lighttpd 1.4.12
    cpe:2.3:a:lighttpd:lighttpd:1.4.12
  • lighttpd 1.4.13
    cpe:2.3:a:lighttpd:lighttpd:1.4.13
CVSS
Base: 7.8 (as of 18-04-2007 - 11:22)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: COMPLETE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_5678DA43EA9911DBA802000FEA2763CE.NASL
    description Lighttpd SA : Lighttpd caches the rendered string for mtime. The cache key has as a default value 0. At that point the pointer to the string is still NULL. If a file with an mtime of 0 is requested it tries to access the pointer and crashes. The bug requires that a malicious user can either upload files or manipulate the mtime of the files. The bug was reported by cubiq and fixed by Marcus Rueckert.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25049
    published 2007-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25049
    title FreeBSD : lighttpd -- DOS when access files with mtime 0 (5678da43-ea99-11db-a802-000fea2763ce)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1303.NASL
    description Two problems were discovered with lighttpd, a fast webserver with minimal memory footprint, which could allow denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1869 Remote attackers could cause denial of service by disconnecting partway through making a request. - CVE-2007-1870 A NULL pointer dereference could cause a crash when serving files with a mtime of 0.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25465
    published 2007-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25465
    title Debian DSA-1303-1 : lighttpd - denial of service
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIGHTTPD-3090.NASL
    description Two remotely exploitable DoS vulnerabilities in lighttpd can be used to crash lighttpd or make it waste CPU time in an endless loop (CVE-2007-1869, CVE-2007-1870).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27339
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27339
    title openSUSE 10 Security Update : lighttpd (lighttpd-3090)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200705-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-200705-07 (Lighttpd: Two Denials of Service) Robert Jakabosky discovered an infinite loop triggered by a connection abort when Lighttpd processes carriage return and line feed sequences. Marcus Rueckert discovered a NULL pointer dereference when a server running Lighttpd tries to access a file with a mtime of 0. Impact : A remote attacker could upload a specially crafted file to the server or send a specially crafted request and then abort the connection, possibly resulting in a crash or a Denial of Service by CPU consumption. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 25184
    published 2007-05-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25184
    title GLSA-200705-07 : Lighttpd: Two Denials of Service
refmap via4
bid 23515
bugtraq 20070420 FLEA-2007-0011-1: lighttpd
confirm
debian DSA-1303
gentoo GLSA-200705-07
secunia
  • 24886
  • 24947
  • 24995
  • 25166
  • 25613
suse SUSE-SR:2007:007
vupen ADV-2007-1399
xf lighttpd-mtime-dos(33678)
Last major update 07-03-2011 - 21:53
Published 17-04-2007 - 23:19
Last modified 16-10-2018 - 12:41