FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1870

This CVE name corresponds to:

Entered Topic
2007-04-14 lighttpd -- DOS when access files with mtime 0

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-1870 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-1870
Phase Assigned(20070405)

Description

lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.

References

Source Reference
BUGTRAQ 20070420 FLEA-2007-0011-1: lighttpd
CONFIRM http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt
CONFIRM https://issues.rpath.com/browse/RPL-1218
DEBIAN DSA-1303
GENTOO GLSA-200705-07
SUSE SUSE-SR:2007:007
BID 23515
VUPEN ADV-2007-1399
SECUNIA 24886
SECUNIA 24995
SECUNIA 25166
SECUNIA 24947
SECUNIA 25613
XF lighttpd-mtime-dos(33678)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.