Denial of Service Vulnerability in Lighttpd Web Server by Lighttpd
CVE-2010-0295

Currently unrated

Key Information:

Vendor: Lighttpd

CVE Published: 3 February 2010

What is CVE-2010-0295?

Lighttpd, a popular open-source web server, is susceptible to a denial of service attack because of its faulty buffer allocation mechanism. When handling requests, Lighttpd allocates a buffer for each read operation. A malicious remote attacker can exploit this design flaw by fragmenting a request into smaller parts and sending them at a slow rate, so that each fragment occupies its own buffer. This can lead to excessive memory consumption, rendering the server unresponsive and potentially causing service downtime. Administrators are urged to update to secure versions to mitigate this risk.
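
The memory cost described above can be sized with a small accounting model. This is an added example, not Lighttpd's code: CHUNK_SIZE, held_per_read and held_reuse_tail are hypothetical names, and the 4096-byte allocation size is an assumption. It compares one fresh buffer per read with a design that fills the free space of the last buffer before allocating another.

```c
#include <stddef.h>
#include <stdio.h>

#define CHUNK_SIZE 4096 /* assumed per-read allocation size; not taken from the page */

/* Heap bytes held once a request of `total` bytes has arrived in fragments
 * of `frag` bytes, when every read gets freshly allocated buffer space. */
size_t held_per_read(size_t total, size_t frag)
{
    if (frag == 0) return 0; /* no progress possible; avoid looping forever */
    size_t held = 0;
    while (total > 0) {
        size_t n = total < frag ? total : frag;
        /* a read larger than one chunk is rounded up to whole chunks */
        held += ((n + CHUNK_SIZE - 1) / CHUNK_SIZE) * CHUNK_SIZE;
        total -= n;
    }
    return held;
}

/* Same traffic, but each read first fills the free space left in the last
 * buffer and allocates a new chunk only when that buffer is full. */
size_t held_reuse_tail(size_t total, size_t frag)
{
    if (frag == 0) return 0;
    size_t held = 0, tail_free = 0;
    while (total > 0) {
        size_t n = total < frag ? total : frag;
        total -= n;
        while (n > 0) {
            if (tail_free == 0) { held += CHUNK_SIZE; tail_free = CHUNK_SIZE; }
            size_t c = n < tail_free ? n : tail_free;
            tail_free -= c;
            n -= c;
        }
    }
    return held;
}

int main(void)
{
    const size_t total = 8192; /* constructed request size */
    const size_t frags[] = {4096, 512, 64, 1};
    for (size_t i = 0; i < sizeof frags / sizeof frags[0]; i++)
        printf("frag=%4zu  per-read=%9zu  reuse-tail=%5zu\n", frags[i],
               held_per_read(total, frags[i]), held_reuse_tail(total, frags[i]));
    return 0;
}
```

In this model the per-read figure grows as the fragment size shrinks, while the reuse figure stays at the request size rounded up to whole chunks, which is why per-connection memory is the metric to watch on unpatched servers.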

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
