| nessus
via4
|
| NASL family | Web Servers | | NASL id | LIGHTTPD_1_4_32.NASL | | description | According to its banner, the version of lighttpd running on the remote host is 1.4.31. It is, therefore, affected by a denial of service vulnerability. An error in the http_request_split_value() function in 'src/request.c' can cause the application to enter an endless loop when handling specially crafted 'Connection' header requests.
Note that Nessus has not tested for this issue but has instead relied only on the version in the server's banner. | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 63094 | | published | 2012-11-29 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=63094 | | title | lighttpd 1.4.31 http_request_split_value Function Header Handling DoS |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRIVA_MDVSA-2013-100.NASL | | description | The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the Connection: TE,,Keep-Alive header (CVE-2012-5533). | | last seen | 2019-02-21 | | modified | 2019-01-02 | | plugin id | 66112 | | published | 2013-04-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=66112 | | title | Mandriva Linux Security Advisory : lighttpd (MDVSA-2013:100) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2012-801.NASL | | description | - Fixing bnc#790258 CVE-2012-5533: Denial of Service via specially crafted HTTP header. Added patches:
0001-Fix-DoS-in-header-value-split-reported-by-Jesse-Sip p.patch 0001-remove-whitespace-at-end-of-header-keys.patch | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 74819 | | published | 2014-06-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=74819 | | title | openSUSE Security Update : lighttpd (openSUSE-SU-2012:1532-1) |
| NASL family | Amazon Linux Local Security Checks | | NASL id | ALA_ALAS-2013-179.NASL | | description | The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the 'Connection: TE,,Keep-Alive' header. | | last seen | 2019-02-21 | | modified | 2018-04-18 | | plugin id | 69738 | | published | 2013-09-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69738 | | title | Amazon Linux AMI : lighttpd (ALAS-2013-179) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2013-15345.NASL | | description | One important denial of service (in 1.4.31) fix: CVE-2012-5533.
A flaw was found in lighttpd version 1.4.31 that could be exploited by a remote user to cause a denial of service condition in lighttpd. A client could send a malformed Connection header to lighttpd (such as 'Connection: TE,,Keep-Alive'), which would cause lighttpd to enter an endless loop, detecting an empty token but not incrementing the current string position, causing it to continually read ',' over and over.
This flaw was introduced in 1.4.31 [1] when an 'invalid read' bug was fixed [2].
[1] http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/283 0/diff/ [2] http://redmine.lighttpd.net/issues/2413
Acknowledgement :
Red Hat would like to thank Stefan Buhler for reporting this issue.
Upstream acknowledges Jesse Sipprell from McClatchy Interactive, Inc.
as the original reporter.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-28 | | plugin id | 69775 | | published | 2013-09-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69775 | | title | Fedora 19 : lighttpd-1.4.32-1.fc19 (2013-15345) |
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_1CD3CA4233E611E2A2555404A67EEF98.NASL | | description | Lighttpd security advisory reports :
Certain Connection header values will trigger an endless loop, for example : 'Connection: TE,,Keep-Alive'
On receiving such value, lighttpd will enter an endless loop, detecting an empty token but not incrementing the current string position, and keep reading the ',' again and again.
This bug was introduced in 1.4.31, when we fixed an 'invalid read' bug (it would try to read the byte before the string if it started with ',', although the value wasn't actually used). | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 63016 | | published | 2012-11-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=63016 | | title | FreeBSD : lighttpd -- remote DoS in header parsing (1cd3ca42-33e6-11e2-a255-5404a67eef98) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2013-15344.NASL | | description | One important denial of service (in 1.4.31) fix: CVE-2012-5533.
A flaw was found in lighttpd version 1.4.31 that could be exploited by a remote user to cause a denial of service condition in lighttpd. A client could send a malformed Connection header to lighttpd (such as 'Connection: TE,,Keep-Alive'), which would cause lighttpd to enter an endless loop, detecting an empty token but not incrementing the current string position, causing it to continually read ',' over and over.
This flaw was introduced in 1.4.31 [1] when an 'invalid read' bug was fixed [2].
[1] http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/283 0/diff/ [2] http://redmine.lighttpd.net/issues/2413
Acknowledgement :
Red Hat would like to thank Stefan Buhler for reporting this issue.
Upstream acknowledges Jesse Sipprell from McClatchy Interactive, Inc.
as the original reporter.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-28 | | plugin id | 69774 | | published | 2013-09-04 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=69774 | | title | Fedora 18 : lighttpd-1.4.32-1.fc18 (2013-15344) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201406-10.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201406-10 (lighttpd: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details.
Impact :
A remote attacker could create a Denial of Service condition.
Futhermore, a remote attacker may be able to execute arbitrary SQL statements.
Workaround :
There is no known workaround at this time. | | last seen | 2019-02-21 | | modified | 2018-07-12 | | plugin id | 76062 | | published | 2014-06-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=76062 | | title | GLSA-201406-10 : lighttpd: Multiple vulnerabilities |
|
