FreeBSD Local Security Checks : FreeBSD Ports: lighttpd

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66846

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: lighttpd

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: lighttpd

CVE-2010-0295
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read
operation that occurs for a request, which allows remote attackers to
cause a denial of service (memory consumption) by breaking a request
into small pieces that are sent at a slow rate.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0295
38036
http://www.securityfocus.com/bid/38036
38403
http://secunia.com/advisories/38403
39765
http://secunia.com/advisories/39765
ADV-2011-0172
http://www.vupen.com/english/advisories/2011/0172
DSA-1987
http://www.debian.org/security/2010/dsa-1987
FEDORA-2010-7611
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041296.html
FEDORA-2010-7636
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html
FEDORA-2010-7643
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041307.html
GLSA-201006-17
http://security.gentoo.org/glsa/glsa-201006-17.xml
SUSE-SR:2010:003
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html
[oss-security] 20100202 lighttpd: slow request dos/oom attack [CVE-2010-0295]
http://www.openwall.com/lists/oss-security/2010/02/01/8
http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in
http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patch
http://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patch
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt
http://redmine.lighttpd.net/issues/2147
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2710
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2711
lighttpd-slow-request-dos(56038)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56038

Copyright Copyright (C) 2010 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66846
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: lighttpd
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: lighttpd CVE-2010-0295 lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0295 38036 http://www.securityfocus.com/bid/38036 38403 http://secunia.com/advisories/38403 39765 http://secunia.com/advisories/39765 ADV-2011-0172 http://www.vupen.com/english/advisories/2011/0172 DSA-1987 http://www.debian.org/security/2010/dsa-1987 FEDORA-2010-7611 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041296.html FEDORA-2010-7636 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html FEDORA-2010-7643 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041307.html GLSA-201006-17 http://security.gentoo.org/glsa/glsa-201006-17.xml SUSE-SR:2010:003 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html [oss-security] 20100202 lighttpd: slow request dos/oom attack [CVE-2010-0295] http://www.openwall.com/lists/oss-security/2010/02/01/8 http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patch http://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patch http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt http://redmine.lighttpd.net/issues/2147 http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2710 http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2711 lighttpd-slow-request-dos(56038) https://exchange.xforce.ibmcloud.com/vulnerabilities/56038
Copyright	Copyright (C) 2010 E-Soft Inc.