Denial of Service Vulnerability in Lighttpd by Lighttpd Foundation
CVE-2008-0983

Currently unrated

Key Information:

Vendor: Lighttpd
Status: Lighttpd
Vendor: CVE Published:; 26 February 2008

What is CVE-2008-0983?

A vulnerability in Lighttpd 1.4.18 and earlier versions may allow remote attackers to exploit improper file descriptor array size calculations. By establishing a substantial number of connections, an attacker can induce an out-of-bounds access scenario, leading to a denial of service, where the server may crash and become unresponsive.

References

http://www.vupen.com/english/advisories/2008/0659/references

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/29268

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/29066

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2008
Vulnerability Reserved
Feb 26, 2008