FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4298

This CVE name corresponds to:

Entered Topic
2008-09-27 lighttpd -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-4298
Phase Assigned (20080926)

Description

Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.

References

Source Reference
BUGTRAQ 20081030 rPSA-2008-0309-1 lighttpd
MLIST [oss-security] 20080926 CVE Request (lighttpd)
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=238180
CONFIRM http://trac.lighttpd.net/trac/changeset/2305
CONFIRM http://trac.lighttpd.net/trac/ticket/1774
CONFIRM http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0309
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309
DEBIAN DSA-1645
GENTOO GLSA-200812-04
SUSE SUSE-SR:2008:026
BID 31434
VUPEN ADV-2008-2741
SECUNIA 32132
SECUNIA 32069
SECUNIA 32834
SECUNIA 32972
SECUNIA 32480
XF lighttpd-httprequestparse-dos(45471)