FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lighttpd -- Remote DOS in CRLF parsing

Affected packages
1.4.11 < lighttpd < 1.4.13_2

Details

VuXML ID d2b48d30-ea97-11db-a802-000fea2763ce
Discovery 2006-12-15
Entry 2007-04-14

Lighttpd SA:

If the connection aborts during parsing "\r\n\r\n", the server might get into an infinite loop and use 100% of the CPU time. lighttpd still responds to other requests. This can be repeated until either the server limit for concurrent connections or file descriptors is reached.

The bug was reported and fixed by Robert Jakabosky.

References

CVE Name CVE-2007-1869
URL http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt