Computer Security


lighttpd multiple security vulnerabilities
Published: 06.10.2008
Source:
SecurityVulns ID: 9336
Type: remote
Threat Level: 6/10
Description: DoS conditions, information leakage.
Affected: LIGHTTPD : lighttpd 1.4
CVE: CVE-2008-4360 (mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.)
 CVE-2008-4359 (lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.)
 CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.)
Original document: DEBIAN, [SECURITY] [DSA-1645-1] New lighttpd packages fix various problems (06.10.2008)
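
The matching flaw behind CVE-2008-4359 and CVE-2008-4360, shown as an added example (not lighttpd's code and not part of the advisory): a suffix rule applied to the raw URI next to one that URL-decodes and case-folds first. The function names, the 1024-byte buffer, the sample requests and the fail-closed choice are assumptions, and case folding is only appropriate when the underlying filesystem is case-insensitive.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode src into dst. Returns 0, or -1 on a malformed escape,
 * an encoded NUL, or output that does not fit. */
static int url_decode(const char *src, char *dst, size_t dst_size) {
    size_t o = 0;
    while (*src) {
        unsigned char c = (unsigned char)*src++;
        if (c == '%') {
            if (!isxdigit((unsigned char)src[0]) || !isxdigit((unsigned char)src[1])) return -1;
            char hex[3] = { src[0], src[1], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            src += 2;
            if (c == '\0') return -1;
        }
        if (o + 1 >= dst_size) return -1;
        dst[o++] = (char)c;
    }
    if (o >= dst_size) return -1;
    dst[o] = '\0';
    return 0;
}

/* Behaviour the CVE text describes for versions before 1.4.20: the URI is
 * compared byte for byte, so a case change or a %-escape misses the rule. */
static int suffix_rule_raw(const char *uri, const char *suffix) {
    size_t n = strlen(uri), m = strlen(suffix);
    return n >= m && memcmp(uri + n - m, suffix, m) == 0;
}

/* Decode first, fold ASCII case, then compare against a lower-case suffix.
 * Undecodable input counts as a match so the rule fails closed (assumption). */
static int suffix_rule_canonical(const char *uri, const char *suffix) {
    char path[1024];
    if (url_decode(uri, path, sizeof path) != 0) return 1;
    for (char *p = path; *p; p++) *p = (char)tolower((unsigned char)*p);
    return suffix_rule_raw(path, suffix);
}

int main(void) {
    const char *reqs[] = { "/index.php", "/index.PHP", "/index.ph%70" }; /* constructed samples */
    for (size_t i = 0; i < 3; i++)
        printf("%-14s raw=%d canonical=%d\n", reqs[i],
               suffix_rule_raw(reqs[i], ".php"), suffix_rule_canonical(reqs[i], ".php"));
    return 0;
}
```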

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod