Lighttpd Multiple Modules Denial-of-Service Vulnerability

Vulnerability ID 1189718 Vulnerability type
Published 2007-07-23 Updated 2007-07-24
CVE ID CVE-2007-3950 CNNVD-ID CNNVD-200707-405
Platform N/A CVSS score 4.3
|Vulnerability source
https://cxsecurity.com/issue/WLB-2007070064
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200707-405
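|Vulnerability details
lighttpd is an open-source web server developed by the German software developer Jan Kneschke. Its main characteristic is that it matches the performance of comparable web servers while needing only a small amount of memory and CPU. The mod_scgi, mod_fastcgi and mod_webdav modules of lighttpd contain errors: incompatible format specifiers are used in certain debugging messages, which a remote attacker may be able to trigger to cause a denial of service.
|Vulnerability EXP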
rPath Security Advisory: 2007-0145-1
Published: 2007-07-19
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Remote User Deterministic Denial of Service
Updated Versions:
lighttpd=/conary.rpath.com@rpl:devel//1/1.4.15-0.3-1

References:
https://issues.rpath.com/browse/RPL-1550
https://issues.rpath.com/browse/RPL-1554

Description:
Previous versions of the lighttpd package are vulnerable to multiple
attacks, among which remote attackers may circumvent access-control
settings or crash the server by issuing various malformed or malicious
requests. It has not been determined that these vulnerabilities can
be exploited to execute malicious code.

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html
|References

Source: VUPEN
Name: ADV-2007-2585
Link: http://www.frsirt.com/english/advisories/2007/2585
Source: SECUNIA
Name: 26130
Link: http://secunia.com/advisories/26130
Source: BID
Name: 24967
Link: http://www.securityfocus.com/bid/24967
Source: BUGTRAQ
Name: 20070719 rPSA-2007-0145-1 lighttpd
Link: http://www.securityfocus.com/archive/1/archive/1/474131/100/0/threaded
Source: trac.lighttpd.net
Link: http://trac.lighttpd.net/trac/ticket/1263
Source: MISC
Link: http://trac.lighttpd.net/trac/changeset/1882
Source: SECUNIA
Name: 26158
Link: http://secunia.com/advisories/26158
Source: SUSE
Name: SUSE-SR:2007:015
Link: http://www.novell.com/linux/security/advisories/2007_15_sr.html
Source: DEBIAN
Name: DSA-1362
Link: http://www.debian.org/security/2007/dsa-1362
Source: SREASON
Name: 2909
Link: http://securityreason.com/securityalert/2909
Source: GENTOO
Name: GLSA-200708-11
Link: http://security.gentoo.org/glsa/glsa-200708-11.xml
Source: SECUNIA
Name: 26593
Link: http://secunia.com/advisories/26593
Source: SECUNIA
Name: 26505
Link: http://secunia.com/advisories/26505