CVE Vulnerabilities

CVE-2010-0295

Published: Feb 03, 2010 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.

Affected Software

Name Vendor Start Version End Version
Lighttpd Lighttpd * 1.4.25 (including)
Lighttpd Lighttpd 1.0.2 (including) 1.0.2 (including)
Lighttpd Lighttpd 1.0.3 (including) 1.0.3 (including)
Lighttpd Lighttpd 1.1.0 (including) 1.1.0 (including)
Lighttpd Lighttpd 1.1.1 (including) 1.1.1 (including)
Lighttpd Lighttpd 1.1.2 (including) 1.1.2 (including)
Lighttpd Lighttpd 1.1.3 (including) 1.1.3 (including)
Lighttpd Lighttpd 1.1.4 (including) 1.1.4 (including)
Lighttpd Lighttpd 1.1.5 (including) 1.1.5 (including)
Lighttpd Lighttpd 1.1.6 (including) 1.1.6 (including)
Lighttpd Lighttpd 1.1.7 (including) 1.1.7 (including)
Lighttpd Lighttpd 1.1.8 (including) 1.1.8 (including)
Lighttpd Lighttpd 1.1.9 (including) 1.1.9 (including)
Lighttpd Lighttpd 1.2.0 (including) 1.2.0 (including)
Lighttpd Lighttpd 1.2.1 (including) 1.2.1 (including)
Lighttpd Lighttpd 1.2.2 (including) 1.2.2 (including)
Lighttpd Lighttpd 1.2.3 (including) 1.2.3 (including)
Lighttpd Lighttpd 1.2.5 (including) 1.2.5 (including)
Lighttpd Lighttpd 1.2.6 (including) 1.2.6 (including)
Lighttpd Lighttpd 1.2.7 (including) 1.2.7 (including)
Lighttpd Lighttpd 1.2.8 (including) 1.2.8 (including)
Lighttpd Lighttpd 1.3.0 (including) 1.3.0 (including)
Lighttpd Lighttpd 1.3.1 (including) 1.3.1 (including)
Lighttpd Lighttpd 1.3.2 (including) 1.3.2 (including)
Lighttpd Lighttpd 1.3.3 (including) 1.3.3 (including)
Lighttpd Lighttpd 1.3.4 (including) 1.3.4 (including)
Lighttpd Lighttpd 1.3.5 (including) 1.3.5 (including)
Lighttpd Lighttpd 1.3.6 (including) 1.3.6 (including)
Lighttpd Lighttpd 1.3.8 (including) 1.3.8 (including)
Lighttpd Lighttpd 1.3.9 (including) 1.3.9 (including)
Lighttpd Lighttpd 1.3.10 (including) 1.3.10 (including)
Lighttpd Lighttpd 1.3.11 (including) 1.3.11 (including)
Lighttpd Lighttpd 1.3.12 (including) 1.3.12 (including)
Lighttpd Lighttpd 1.3.13 (including) 1.3.13 (including)
Lighttpd Lighttpd 1.3.14 (including) 1.3.14 (including)
Lighttpd Lighttpd 1.3.15 (including) 1.3.15 (including)
Lighttpd Lighttpd 1.3.16 (including) 1.3.16 (including)
Lighttpd Lighttpd 1.4.0 (including) 1.4.0 (including)
Lighttpd Lighttpd 1.4.2 (including) 1.4.2 (including)
Lighttpd Lighttpd 1.4.3 (including) 1.4.3 (including)
Lighttpd Lighttpd 1.4.4 (including) 1.4.4 (including)
Lighttpd Lighttpd 1.4.5 (including) 1.4.5 (including)
Lighttpd Lighttpd 1.4.6 (including) 1.4.6 (including)
Lighttpd Lighttpd 1.4.7 (including) 1.4.7 (including)
Lighttpd Lighttpd 1.4.8 (including) 1.4.8 (including)
Lighttpd Lighttpd 1.4.9 (including) 1.4.9 (including)
Lighttpd Lighttpd 1.4.10 (including) 1.4.10 (including)
Lighttpd Lighttpd 1.4.11 (including) 1.4.11 (including)
Lighttpd Lighttpd 1.4.12 (including) 1.4.12 (including)
Lighttpd Lighttpd 1.4.13 (including) 1.4.13 (including)
Lighttpd Lighttpd 1.4.14 (including) 1.4.14 (including)
Lighttpd Lighttpd 1.4.15 (including) 1.4.15 (including)
Lighttpd Lighttpd 1.4.16 (including) 1.4.16 (including)
Lighttpd Lighttpd 1.4.17 (including) 1.4.17 (including)
Lighttpd Lighttpd 1.4.18 (including) 1.4.18 (including)
Lighttpd Lighttpd 1.4.19 (including) 1.4.19 (including)
Lighttpd Lighttpd 1.4.20 (including) 1.4.20 (including)
Lighttpd Lighttpd 1.4.21 (including) 1.4.21 (including)
Lighttpd Lighttpd 1.4.22 (including) 1.4.22 (including)
Lighttpd Lighttpd 1.4.23 (including) 1.4.23 (including)
Lighttpd Lighttpd 1.4.24 (including) 1.4.24 (including)
Lighttpd Lighttpd 1.5.0 (including) 1.5.0 (including)
Lighttpd Ubuntu dapper *
Lighttpd Ubuntu hardy *
Lighttpd Ubuntu intrepid *
Lighttpd Ubuntu jaunty *
Lighttpd Ubuntu karmic *
Lighttpd Ubuntu upstream *

References