| nessus
via4
|
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_1CD3CA4233E611E2A2555404A67EEF98.NASL | | description | Lighttpd security advisory reports :
Certain Connection header values will trigger an endless loop, for
example : 'Connection: TE,,Keep-Alive'
On receiving such value, lighttpd will enter an endless loop,
detecting an empty token but not incrementing the current string
position, and keep reading the ',' again and again.
This bug was introduced in 1.4.31, when we fixed an 'invalid read' bug
(it would try to read the byte before the string if it started with
',', although the value wasn't actually used). | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 63016 | | published | 2012-11-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=63016 | | title | FreeBSD : lighttpd -- remote DoS in header parsing (1cd3ca42-33e6-11e2-a255-5404a67eef98) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201406-10.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201406-10
(lighttpd: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in lighttpd. Please review
the CVE identifiers referenced below for details.
Impact :
A remote attacker could create a Denial of Service condition.
Futhermore, a remote attacker may be able to execute arbitrary SQL
statements.
Workaround :
There is no known workaround at this time. | | last seen | 2019-01-16 | | modified | 2018-07-12 | | plugin id | 76062 | | published | 2014-06-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76062 | | title | GLSA-201406-10 : lighttpd: Multiple vulnerabilities |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2013-15344.NASL | | description | One important denial of service (in 1.4.31) fix: CVE-2012-5533.
A flaw was found in lighttpd version 1.4.31 that could be exploited by
a remote user to cause a denial of service condition in lighttpd. A
client could send a malformed Connection header to lighttpd (such as
'Connection: TE,,Keep-Alive'), which would cause lighttpd to enter an
endless loop, detecting an empty token but not incrementing the
current string position, causing it to continually read ',' over and
over.
This flaw was introduced in 1.4.31 [1] when an 'invalid read' bug was
fixed [2].
[1]
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/283
0/diff/ [2] http://redmine.lighttpd.net/issues/2413
Acknowledgement :
Red Hat would like to thank Stefan Buhler for reporting this issue.
Upstream acknowledges Jesse Sipprell from McClatchy Interactive, Inc.
as the original reporter.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-28 | | plugin id | 69774 | | published | 2013-09-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69774 | | title | Fedora 18 : lighttpd-1.4.32-1.fc18 (2013-15344) |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2013-179.NASL | | description | The http_request_split_value function in request.c in lighttpd before
1.4.32 allows remote attackers to cause a denial of service (infinite
loop) via a request with a header containing an empty token, as
demonstrated using the 'Connection: TE,,Keep-Alive' header. | | last seen | 2019-01-16 | | modified | 2018-04-18 | | plugin id | 69738 | | published | 2013-09-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69738 | | title | Amazon Linux AMI : lighttpd (ALAS-2013-179) |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2013-100.NASL | | description | The http_request_split_value function in request.c in lighttpd before
1.4.32 allows remote attackers to cause a denial of service (infinite
loop) via a request with a header containing an empty token, as
demonstrated using the Connection: TE,,Keep-Alive header
(CVE-2012-5533). | | last seen | 2019-01-16 | | modified | 2019-01-02 | | plugin id | 66112 | | published | 2013-04-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66112 | | title | Mandriva Linux Security Advisory : lighttpd (MDVSA-2013:100) |
| NASL family | Web Servers | | NASL id | LIGHTTPD_1_4_32.NASL | | description | According to its banner, the version of lighttpd running on the remote
host is 1.4.31. It is, therefore, affected by a denial of service
vulnerability. An error in the http_request_split_value() function in
'src/request.c' can cause the application to enter an endless loop
when handling specially crafted 'Connection' header requests.
Note that Nessus has not tested for this issue but has instead relied
only on the version in the server's banner. | | last seen | 2019-01-16 | | modified | 2018-07-12 | | plugin id | 63094 | | published | 2012-11-29 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=63094 | | title | lighttpd 1.4.31 http_request_split_value Function Header Handling DoS |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2012-801.NASL | | description | - Fixing bnc#790258 CVE-2012-5533: Denial of Service via
specially crafted HTTP header. Added patches:
0001-Fix-DoS-in-header-value-split-reported-by-Jesse-Sip
p.patch
0001-remove-whitespace-at-end-of-header-keys.patch | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 74819 | | published | 2014-06-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74819 | | title | openSUSE Security Update : lighttpd (openSUSE-SU-2012:1532-1) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2013-15345.NASL | | description | One important denial of service (in 1.4.31) fix: CVE-2012-5533.
A flaw was found in lighttpd version 1.4.31 that could be exploited by
a remote user to cause a denial of service condition in lighttpd. A
client could send a malformed Connection header to lighttpd (such as
'Connection: TE,,Keep-Alive'), which would cause lighttpd to enter an
endless loop, detecting an empty token but not incrementing the
current string position, causing it to continually read ',' over and
over.
This flaw was introduced in 1.4.31 [1] when an 'invalid read' bug was
fixed [2].
[1]
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/283
0/diff/ [2] http://redmine.lighttpd.net/issues/2413
Acknowledgement :
Red Hat would like to thank Stefan Buhler for reporting this issue.
Upstream acknowledges Jesse Sipprell from McClatchy Interactive, Inc.
as the original reporter.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-28 | | plugin id | 69775 | | published | 2013-09-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69775 | | title | Fedora 19 : lighttpd-1.4.32-1.fc19 (2013-15345) |
|
