lighttpd 1.4.15 DoS

2007.07.24
Credit: rPath
Risk: Medium
Local: Yes
Remote: No
CVE: CVE-2007-3950
CWE: N/A


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

rPath Security Advisory: 2007-0145-1 Published: 2007-07-19 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Remote User Deterministic Denial of Service Updated Versions: lighttpd=/conary.rpath.com@rpl:devel//1/1.4.15-0.3-1 References: https://issues.rpath.com/browse/RPL-1550 https://issues.rpath.com/browse/RPL-1554 Description: Previous versions of the lighttpd package are vulnerable to multiple attacks, among which remote attackers may circumvent access-control settings or crash the server by issuing various malformed or malicious requests. It has not been determined that these vulnerabilities can be exploited to execute malicious code. Copyright 2007 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top