Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4298

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-4298
Last Modified 07 Mar 2011 10:12:13
Published 27 Sep 2008 06:30:03
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4298

Summary

Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.

Vulnerable Systems

Application

  • Lighttpd 1.1.1

  • Lighttpd 1.1.2

  • Lighttpd 1.1.3

  • Lighttpd 1.1.4

  • Lighttpd 1.1.5

  • Lighttpd 1.1.6

  • Lighttpd 1.1.7

  • Lighttpd 1.1.8

  • Lighttpd 1.1.9

  • Lighttpd 1.2.1

  • Lighttpd 1.2.2

  • Lighttpd 1.2.3

  • Lighttpd 1.2.4

  • Lighttpd 1.2.5

  • Lighttpd 1.2.6

  • Lighttpd 1.2.7

  • Lighttpd 1.2.8

  • Lighttpd 1.3.0

  • Lighttpd 1.3.1

  • Lighttpd 1.3.10

  • Lighttpd 1.3.11

  • Lighttpd 1.3.12

  • Lighttpd 1.3.13

  • Lighttpd 1.3.14

  • Lighttpd 1.3.15

  • Lighttpd 1.3.16

  • Lighttpd 1.3.2

  • Lighttpd 1.3.3

  • Lighttpd 1.3.4

  • Lighttpd 1.3.5

  • Lighttpd 1.3.6

  • Lighttpd 1.3.7

  • Lighttpd 1.3.8

  • Lighttpd 1.3.9

  • Lighttpd 1.4.0

  • Lighttpd 1.4.1

  • Lighttpd 1.4.10

  • Lighttpd 1.4.11

  • Lighttpd 1.4.12

  • Lighttpd 1.4.13

  • Lighttpd 1.4.14

  • Lighttpd 1.4.15

  • Lighttpd 1.4.16

  • Lighttpd 1.4.17

  • Lighttpd 1.4.18

  • Lighttpd 1.4.19

  • Lighttpd 1.4.2

  • Lighttpd 1.4.3

  • Lighttpd 1.4.4

  • Lighttpd 1.4.5

  • Lighttpd 1.4.6

  • Lighttpd 1.4.7

  • Lighttpd 1.4.8

  • Lighttpd 1.4.9


References

CONFIRM - http://trac.lighttpd.net/trac/ticket/1774

XF - lighttpd-httprequestparse-dos(45471)

VUPEN - ADV-2008-2741

BID - 31434

BUGTRAQ - 20081030 rPSA-2008-0309-1 lighttpd

MLIST - [oss-security] 20080926 CVE Request (lighttpd)

CONFIRM - http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt

DEBIAN - DSA-1645

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0309

CONFIRM - http://trac.lighttpd.net/trac/changeset/2305

GENTOO - GLSA-200812-04

SECUNIA - 32972

SECUNIA - 32834

SECUNIA - 32480

SECUNIA - 32132

SECUNIA - 32069

SUSE - SUSE-SR:2008:026

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=238180


Last Updated: 27 May 2016 10:48:27