ID CVE-2008-0983
Summary lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
References
Vulnerable Configurations
  • cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.14:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.17:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.17:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-10-2018 - 22:04)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 27943
bugtraq 20080228 rPSA-2008-0084-1 lighttpd
confirm
debian DSA-1609
fedora
  • FEDORA-2008-2262
  • FEDORA-2008-2278
gentoo GLSA-200803-10
secunia
  • 29066
  • 29166
  • 29209
  • 29268
  • 29622
  • 31104
suse SUSE-SR:2008:008
vupen ADV-2008-0659
Last major update 15-10-2018 - 22:04
Published 26-02-2008 - 18:44
Back to Top