Use-After-Free Vulnerability in lighttpd by Lighttpd Developers
CVE-2013-4560

Currently unrated

Key Information:

Vendor: Lighttpd
Status: Lighttpd
Vendor: CVE Published:; 20 November 2013

What is CVE-2013-4560?

A use-after-free vulnerability exists in lighttpd versions prior to 1.4.33, allowing remote attackers to exploit the FAMMonitorDirectory functionality. This flaw can lead to a denial of service through the triggering of segmentation faults and subsequent crashes of the server process. Affected systems require immediate attention to mitigate potential disruptions to service.

References

http://secunia.com/advisories/55682

third-party-advisoryx_refsource_SECUNIA

http://marc.info/?l=bugtraq&m=141576815022399&w=2

vendor-advisoryx_refsource_HP

http://download.lighttpd.net/lighttpd/security/lighttpd_s...

x_refsource_CONFIRM

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2013
Vulnerability Reserved
Jun 12, 2013