CVE-2010-0295

lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.

Affected Software

Name	Vendor	Start Version	End Version
Lighttpd	Lighttpd	*	1.4.25 (including)
Lighttpd	Lighttpd	1.0.2 (including)	1.0.2 (including)
Lighttpd	Lighttpd	1.0.3 (including)	1.0.3 (including)
Lighttpd	Lighttpd	1.1.0 (including)	1.1.0 (including)
Lighttpd	Lighttpd	1.1.1 (including)	1.1.1 (including)
Lighttpd	Lighttpd	1.1.2 (including)	1.1.2 (including)
Lighttpd	Lighttpd	1.1.3 (including)	1.1.3 (including)
Lighttpd	Lighttpd	1.1.4 (including)	1.1.4 (including)
Lighttpd	Lighttpd	1.1.5 (including)	1.1.5 (including)
Lighttpd	Lighttpd	1.1.6 (including)	1.1.6 (including)
Lighttpd	Lighttpd	1.1.7 (including)	1.1.7 (including)
Lighttpd	Lighttpd	1.1.8 (including)	1.1.8 (including)
Lighttpd	Lighttpd	1.1.9 (including)	1.1.9 (including)
Lighttpd	Lighttpd	1.2.0 (including)	1.2.0 (including)
Lighttpd	Lighttpd	1.2.1 (including)	1.2.1 (including)
Lighttpd	Lighttpd	1.2.2 (including)	1.2.2 (including)
Lighttpd	Lighttpd	1.2.3 (including)	1.2.3 (including)
Lighttpd	Lighttpd	1.2.5 (including)	1.2.5 (including)
Lighttpd	Lighttpd	1.2.6 (including)	1.2.6 (including)
Lighttpd	Lighttpd	1.2.7 (including)	1.2.7 (including)
Lighttpd	Lighttpd	1.2.8 (including)	1.2.8 (including)
Lighttpd	Lighttpd	1.3.0 (including)	1.3.0 (including)
Lighttpd	Lighttpd	1.3.1 (including)	1.3.1 (including)
Lighttpd	Lighttpd	1.3.2 (including)	1.3.2 (including)
Lighttpd	Lighttpd	1.3.3 (including)	1.3.3 (including)
Lighttpd	Lighttpd	1.3.4 (including)	1.3.4 (including)
Lighttpd	Lighttpd	1.3.5 (including)	1.3.5 (including)
Lighttpd	Lighttpd	1.3.6 (including)	1.3.6 (including)
Lighttpd	Lighttpd	1.3.8 (including)	1.3.8 (including)
Lighttpd	Lighttpd	1.3.9 (including)	1.3.9 (including)
Lighttpd	Lighttpd	1.3.10 (including)	1.3.10 (including)
Lighttpd	Lighttpd	1.3.11 (including)	1.3.11 (including)
Lighttpd	Lighttpd	1.3.12 (including)	1.3.12 (including)
Lighttpd	Lighttpd	1.3.13 (including)	1.3.13 (including)
Lighttpd	Lighttpd	1.3.14 (including)	1.3.14 (including)
Lighttpd	Lighttpd	1.3.15 (including)	1.3.15 (including)
Lighttpd	Lighttpd	1.3.16 (including)	1.3.16 (including)
Lighttpd	Lighttpd	1.4.0 (including)	1.4.0 (including)
Lighttpd	Lighttpd	1.4.2 (including)	1.4.2 (including)
Lighttpd	Lighttpd	1.4.3 (including)	1.4.3 (including)
Lighttpd	Lighttpd	1.4.4 (including)	1.4.4 (including)
Lighttpd	Lighttpd	1.4.5 (including)	1.4.5 (including)
Lighttpd	Lighttpd	1.4.6 (including)	1.4.6 (including)
Lighttpd	Lighttpd	1.4.7 (including)	1.4.7 (including)
Lighttpd	Lighttpd	1.4.8 (including)	1.4.8 (including)
Lighttpd	Lighttpd	1.4.9 (including)	1.4.9 (including)
Lighttpd	Lighttpd	1.4.10 (including)	1.4.10 (including)
Lighttpd	Lighttpd	1.4.11 (including)	1.4.11 (including)
Lighttpd	Lighttpd	1.4.12 (including)	1.4.12 (including)
Lighttpd	Lighttpd	1.4.13 (including)	1.4.13 (including)
Lighttpd	Lighttpd	1.4.14 (including)	1.4.14 (including)
Lighttpd	Lighttpd	1.4.15 (including)	1.4.15 (including)
Lighttpd	Lighttpd	1.4.16 (including)	1.4.16 (including)
Lighttpd	Lighttpd	1.4.17 (including)	1.4.17 (including)
Lighttpd	Lighttpd	1.4.18 (including)	1.4.18 (including)
Lighttpd	Lighttpd	1.4.19 (including)	1.4.19 (including)
Lighttpd	Lighttpd	1.4.20 (including)	1.4.20 (including)
Lighttpd	Lighttpd	1.4.21 (including)	1.4.21 (including)
Lighttpd	Lighttpd	1.4.22 (including)	1.4.22 (including)
Lighttpd	Lighttpd	1.4.23 (including)	1.4.23 (including)
Lighttpd	Lighttpd	1.4.24 (including)	1.4.24 (including)
Lighttpd	Lighttpd	1.5.0 (including)	1.5.0 (including)
Lighttpd	Ubuntu	dapper	*
Lighttpd	Ubuntu	hardy	*
Lighttpd	Ubuntu	intrepid	*
Lighttpd	Ubuntu	jaunty	*
Lighttpd	Ubuntu	karmic	*
Lighttpd	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-0295
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References