CVE-2007-1870

Published: 18/04/2007 Updated: 16/10/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

lighttpd prior to 1.4.14 allows malicious users to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.

Vulnerable Product

lighttpd lighttpd 1.3.14

lighttpd lighttpd 1.3.15

lighttpd lighttpd 1.3.16

lighttpd lighttpd 1.3.8

lighttpd lighttpd 1.3.9

lighttpd lighttpd 1.4.3

lighttpd lighttpd 1.4.4

lighttpd lighttpd 1.3.12

lighttpd lighttpd 1.3.13

lighttpd lighttpd 1.3.6

lighttpd lighttpd 1.3.7

lighttpd lighttpd 1.4.13

lighttpd lighttpd 1.4.2

lighttpd lighttpd 1.4.9

lighttpd lighttpd 1.3.10

lighttpd lighttpd 1.3.11

lighttpd lighttpd 1.3.4

lighttpd lighttpd 1.3.5

lighttpd lighttpd 1.4.10

lighttpd lighttpd 1.4.12

lighttpd lighttpd 1.4.7

lighttpd lighttpd 1.4.8

lighttpd lighttpd 1.3.0

lighttpd lighttpd 1.3.1

lighttpd lighttpd 1.3.2

lighttpd lighttpd 1.3.3

lighttpd lighttpd 1.4.0

lighttpd lighttpd 1.4.1

lighttpd lighttpd 1.4.5

lighttpd lighttpd 1.4.6

Vendor Advisories

Debian Bug report logs - #422254 lighttpd: Security vulnerabilities in Etch version. Package: lighttpd; Maintainer for lighttpd is Debian QA Group <packages@qa.debian.org>; Source for lighttpd is src:lighttpd. Reported by: Jon Vaughan <jonathan-debianbugs@turniporguk> Date: Fri, 4 May 2007 14:1 ...

Two problems were discovered with lighttpd, a fast webserver with minimal memory footprint, which could allow denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1869: Remote attackers could cause denial of service by disconnecting partway through making a request. CVE-2007-1870: A NU ...