Denial of Service : Llighttpd < 1.4.26 'Slow Request Handling' Remote DoS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100480

Categoría: Denial of Service

Título: Llighttpd < 1.4.26 'Slow Request Handling' Remote DoS Vulnerability

Resumen: Lighttpd is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
Lighttpd is prone to a denial of service (DoS) vulnerability.

Vulnerability Impact:
Remote attackers can exploit this issue to cause the application
to hang, denying service to legitimate users.

Affected Software/OS:
Lighttpd versions prior to 1.4.26.

Solution:
Update to version 1.4.26 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0295
38036
http://www.securityfocus.com/bid/38036
38403
http://secunia.com/advisories/38403
39765
http://secunia.com/advisories/39765
ADV-2011-0172
http://www.vupen.com/english/advisories/2011/0172
DSA-1987
http://www.debian.org/security/2010/dsa-1987
FEDORA-2010-7611
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041296.html
FEDORA-2010-7636
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html
FEDORA-2010-7643
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041307.html
GLSA-201006-17
http://security.gentoo.org/glsa/glsa-201006-17.xml
SUSE-SR:2010:003
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html
[oss-security] 20100202 lighttpd: slow request dos/oom attack [CVE-2010-0295]
http://www.openwall.com/lists/oss-security/2010/02/01/8
http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in
http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patch
http://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patch
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt
http://redmine.lighttpd.net/issues/2147
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2710
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2711
lighttpd-slow-request-dos(56038)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56038

Copyright Copyright (C) 2010 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100480
Categoría:	Denial of Service
Título:	Llighttpd < 1.4.26 'Slow Request Handling' Remote DoS Vulnerability
Resumen:	Lighttpd is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: Lighttpd is prone to a denial of service (DoS) vulnerability. Vulnerability Impact: Remote attackers can exploit this issue to cause the application to hang, denying service to legitimate users. Affected Software/OS: Lighttpd versions prior to 1.4.26. Solution: Update to version 1.4.26 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0295 38036 http://www.securityfocus.com/bid/38036 38403 http://secunia.com/advisories/38403 39765 http://secunia.com/advisories/39765 ADV-2011-0172 http://www.vupen.com/english/advisories/2011/0172 DSA-1987 http://www.debian.org/security/2010/dsa-1987 FEDORA-2010-7611 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041296.html FEDORA-2010-7636 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html FEDORA-2010-7643 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041307.html GLSA-201006-17 http://security.gentoo.org/glsa/glsa-201006-17.xml SUSE-SR:2010:003 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html [oss-security] 20100202 lighttpd: slow request dos/oom attack [CVE-2010-0295] http://www.openwall.com/lists/oss-security/2010/02/01/8 http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patch http://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patch http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt http://redmine.lighttpd.net/issues/2147 http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2710 http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2711 lighttpd-slow-request-dos(56038) https://exchange.xforce.ibmcloud.com/vulnerabilities/56038
Copyright	Copyright (C) 2010 Greenbone Networks GmbH