ID CVE-2007-3946
Summary mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.
References
Vulnerable Configurations
  • lighttpd 1.4.15
    cpe:2.3:a:lighttpd:lighttpd:1.4.15
CVSS
Base: 6.4 (as of 24-07-2007 - 11:32)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200708-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-200708-11 (Lighttpd: Multiple vulnerabilities)
      Stefan Esser discovered errors with evidence of memory corruption in the code parsing the headers. Several independent researchers also reported errors involving the handling of HTTP headers, the mod_auth and mod_scgi modules, and the limitation of active connections.
      Impact: A remote attacker can trigger any of these vulnerabilities by sending malicious data to the server, which may lead to a crash or memory exhaustion, and potentially the execution of arbitrary code. Additionally, access-deny settings can be evaded by appending a final / to a URL.
      Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25917
    published 2007-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25917
    title GLSA-200708-11 : Lighttpd: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1362.NASL
    description Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitrary code via the overflow of CGI variables when mod_fcgi was enabled. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2007-3946 The use of mod_auth could lead to a denial of service attack crashing the webserver.
      - CVE-2007-3947 The improper handling of repeated HTTP headers could cause a denial of service attack crashing the webserver.
      - CVE-2007-3949 A bug in mod_access potentially allows remote users to bypass access restrictions via trailing slash characters.
      - CVE-2007-3950 On 32-bit platforms users may be able to create denial of service attacks, crashing the webserver, via mod_webdav, mod_fastcgi, or mod_scgi.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25962
    published 2007-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25962
    title Debian DSA-1362-2 : lighttpd - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIGHTTPD-3985.NASL
    description Multiple bugs in lighttpd allowed remote attackers to crash lighttpd, circumvent access restrictions or even execute code. (CVE-2007-3946, CVE-2007-3947, CVE-2007-3948, CVE-2007-3949, CVE-2007-3950)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27340
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27340
    title openSUSE 10 Security Update : lighttpd (lighttpd-3985)
  • NASL family Web Servers
    NASL id LIGHTTPD_1_4_16.NASL
    description According to its banner, the version of lighttpd running on the remote host is prior to 1.4.16. It is, therefore, affected by multiple vulnerabilities:
      - mod_auth allows remote attackers to cause a denial of service via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header. (CVE-2007-3946)
      - The server allows remote attackers to cause a denial of service by sending an HTTP request with duplicate headers. (CVE-2007-3947)
      - The server might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service via a large number of connection attempts. (CVE-2007-3948)
      - mod_access ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings (CVE-2007-3949)
      - The server, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules. (CVE-2007-3950)
      Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-02-07
    plugin id 106623
    published 2018-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106623
    title lighttpd < 1.4.16 Multiple Vulnerabilities
refmap via4
bid 24967
bugtraq 20070719 rPSA-2007-0145-1 lighttpd
confirm
debian DSA-1362
gentoo GLSA-200708-11
misc http://trac.lighttpd.net/trac/changeset/1875
osvdb
  • 38314
  • 38315
  • 38316
  • 38317
secunia
  • 26130
  • 26158
  • 26505
  • 26593
suse SUSE-SR:2007:015
vupen ADV-2007-2585
Last major update 30-10-2012 - 22:40
Published 23-07-2007 - 20:30
Last modified 15-10-2018 - 17:32