lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Max CVSS: 5.0
EPSS Score: 9.94%
Published: 2008-02-26
Updated: 2018-10-15
Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.
Max CVSS: 5.0
EPSS Score: 11.14%
Published: 2008-09-27
Updated: 2018-10-11
The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.
Max CVSS: 4.3
EPSS Score: 9.37%
Published: 2008-03-27
Updated: 2018-10-31
3 vulnerabilities found