FKIE_CVE-2010-0295

Vulnerability from fkie_nvd - Published: 2010-02-03 19:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
References
secalert@redhat.comhttp://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in
secalert@redhat.comhttp://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patchPatch
secalert@redhat.comhttp://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patchPatch
secalert@redhat.comhttp://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txtPatch
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-May/041296.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-May/041307.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html
secalert@redhat.comhttp://redmine.lighttpd.net/issues/2147
secalert@redhat.comhttp://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2710
secalert@redhat.comhttp://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2711
secalert@redhat.comhttp://secunia.com/advisories/38403Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/39765
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-201006-17.xml
secalert@redhat.comhttp://www.debian.org/security/2010/dsa-1987
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2010/02/01/8
secalert@redhat.comhttp://www.securityfocus.com/bid/38036Exploit, Patch
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0172
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/56038
af854a3a-2127-422b-91ae-364da2661108http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in
af854a3a-2127-422b-91ae-364da2661108http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patchPatch
af854a3a-2127-422b-91ae-364da2661108http://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patchPatch
af854a3a-2127-422b-91ae-364da2661108http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txtPatch
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041296.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041307.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://redmine.lighttpd.net/issues/2147
af854a3a-2127-422b-91ae-364da2661108http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2710
af854a3a-2127-422b-91ae-364da2661108http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2711
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38403Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39765
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201006-17.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-1987
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/02/01/8
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/38036Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0172
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/56038
Impacted products
Vendor Product Version
lighttpd lighttpd *
lighttpd lighttpd 1.0.2
lighttpd lighttpd 1.0.3
lighttpd lighttpd 1.1.0
lighttpd lighttpd 1.1.1
lighttpd lighttpd 1.1.2
lighttpd lighttpd 1.1.3
lighttpd lighttpd 1.1.4
lighttpd lighttpd 1.1.5
lighttpd lighttpd 1.1.6
lighttpd lighttpd 1.1.7
lighttpd lighttpd 1.1.8
lighttpd lighttpd 1.1.9
lighttpd lighttpd 1.2.0
lighttpd lighttpd 1.2.1
lighttpd lighttpd 1.2.2
lighttpd lighttpd 1.2.3
lighttpd lighttpd 1.2.5
lighttpd lighttpd 1.2.6
lighttpd lighttpd 1.2.7
lighttpd lighttpd 1.2.8
lighttpd lighttpd 1.3.0
lighttpd lighttpd 1.3.1
lighttpd lighttpd 1.3.2
lighttpd lighttpd 1.3.3
lighttpd lighttpd 1.3.4
lighttpd lighttpd 1.3.5
lighttpd lighttpd 1.3.6
lighttpd lighttpd 1.3.8
lighttpd lighttpd 1.3.9
lighttpd lighttpd 1.3.10
lighttpd lighttpd 1.3.11
lighttpd lighttpd 1.3.12
lighttpd lighttpd 1.3.13
lighttpd lighttpd 1.3.14
lighttpd lighttpd 1.3.15
lighttpd lighttpd 1.3.16
lighttpd lighttpd 1.4.0
lighttpd lighttpd 1.4.2
lighttpd lighttpd 1.4.3
lighttpd lighttpd 1.4.4
lighttpd lighttpd 1.4.5
lighttpd lighttpd 1.4.6
lighttpd lighttpd 1.4.7
lighttpd lighttpd 1.4.8
lighttpd lighttpd 1.4.9
lighttpd lighttpd 1.4.10
lighttpd lighttpd 1.4.11
lighttpd lighttpd 1.4.12
lighttpd lighttpd 1.4.13
lighttpd lighttpd 1.4.14
lighttpd lighttpd 1.4.15
lighttpd lighttpd 1.4.16
lighttpd lighttpd 1.4.17
lighttpd lighttpd 1.4.18
lighttpd lighttpd 1.4.19
lighttpd lighttpd 1.4.20
lighttpd lighttpd 1.4.21
lighttpd lighttpd 1.4.22
lighttpd lighttpd 1.4.23
lighttpd lighttpd 1.4.24
lighttpd lighttpd 1.5.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7197D869-E40E-42D0-B69E-535D2C7FC9F3",
              "versionEndIncluding": "1.4.25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "73DE19FF-DAA2-4FFC-9392-6CE1B0B5DF5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "57FABC2C-E678-45E8-9FB3-3026D55D26F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0332C2-9720-4329-A379-5B7048034B3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2549EBF-E4B6-4574-BCD8-9DB5F195C9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B29F5471-E2A9-421D-A1B5-F0B1444CA9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F44FDF24-03A1-43F3-9D9E-F744F0A1AC3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B990A8-B28C-4A4C-89AB-50C754EF6491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "55C0A9A3-E628-4AA8-8676-81A8528CC174",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8119BEB6-5CBC-4279-9BDE-53ADF1A55F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "211959AC-B76B-4E87-8A08-7789B47F823E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B10DF110-D68E-448F-8BEE-39E0B569596D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A4B7EDE-CA57-4FB2-8306-924FC8BD9C7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A2745B-661B-489A-9140-FD63F668161A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "769931EC-F36A-4F72-A836-85B65CA815C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4FE8C27-6822-4AA2-AB80-D29871C74DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB702A9-C175-477C-B4C7-30AF7DB26165",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "957A7575-FCAB-4C6B-93C8-C9065B412D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BE481AA-EF32-47AD-846A-FEDE38637680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFC56FD6-481A-4D60-BAF3-C988AA2395D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C691300-EA97-4F67-9C27-3C44FE22E283",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D09EDA-6E8F-4535-98ED-D972940E2E54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E384FD34-327C-40E7-9043-67BC69E6A52B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B922D725-F31A-453B-B396-6C7FE0D4844B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB61C0DE-BAEB-4D65-91EA-D34BA0BEFC49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C395148E-BF0E-4C27-B903-444238736B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C001488-5A41-45F8-A270-C184728C1614",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAA6EA41-CE55-4854-A5FA-4A49D1A648BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "16152422-AE34-4970-95B5-440CE8821A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8D34AB8-5DDD-421F-9C9D-65B6B10EDC7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "53143B04-BB2D-4C40-83B1-8BF8BC6547E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "589775AF-21DF-4E41-BFE6-41E4FAAB0F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E35D1709-6B2C-4F22-9948-F69F88F9156A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4949447-0590-4F76-A00E-1EB94FB7621F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAF5B9E9-8BB5-42A6-AF87-5CEE31D2EDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "518A4727-ECB7-41C4-8DF5-5375BA5281C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "17207B51-0E7F-4AD2-8AC4-5A5CDC5CDEE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45FC99E1-57D4-4B12-BA26-090142B7CBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "068AD0FA-306D-4C29-857C-21C6067287E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1125A525-36BA-43E1-A316-6BB33DCEC672",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E488CF-A3F1-4C8B-A92A-8764FA1E6032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DEAF46-95C2-4187-AF5A-FB8CB2E6FD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0ECA9-5A9F-47CA-B8CA-28C7324EC722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F8F89B-5A10-4EE3-A035-1CEA44B1691A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89FCD49-0C73-4E73-9D99-38700B622A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFA9AF51-F423-4167-88AB-5BF916BCC273",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A21B3F82-1C1D-46EE-92EF-46F7F590957E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "482312DE-D483-42EC-B8B3-C71CE088C7B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5549E74-A7A7-4D99-B08B-C6ACFB3917FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "72ABD4D8-8AD9-45E5-8FF5-FA947AC07F49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EC04CE1-4C31-42B7-A92D-38393F549014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79EED03-A95B-4636-A0AA-1F9E72DEF930",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "176D53A7-A81C-4C1F-A7B8-90604A9545F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8372FF7B-CF9B-4963-AB53-704E87AF3540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA46E89A-565E-439D-BCB2-6CEE44EFDFAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A0C3E7A-1F5B-4926-A69F-0D4BB54E52D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B33D950D-83A0-446E-A55D-D4DB42734B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "25A066E2-FE6B-40F9-A05C-BAF461A71409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA07E2C-68C3-4B99-B497-F6D6207903B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "83918300-255F-4EC8-AA1A-FDC19FBB2D12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D22D2F-8487-4B8D-97DD-743114A37EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lighttpd:lighttpd:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CB5DC6-F7D3-45C3-86FC-150216F08A35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate."
    },
    {
      "lang": "es",
      "value": "lighttpd anterior a v1.4.26 y v1.5.x, reserva un b\u00fafer por cada operaci\u00f3n de lectura para cada petici\u00f3n, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) rompiendo la petici\u00f3n en peque\u00f1os pedazos que son enviados a baja velocidad."
    }
  ],
  "id": "CVE-2010-0295",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-02-03T19:30:00.467",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041296.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041307.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://redmine.lighttpd.net/issues/2147"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2710"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2711"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38403"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/39765"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201006-17.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-1987"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/02/01/8"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/38036"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0172"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041307.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://redmine.lighttpd.net/issues/2147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201006-17.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-1987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/02/01/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/38036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56038"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.