Information security


Multiple security vulnerabilities in lighttpd
Published: October 6, 2008
Source:
SecurityVulns ID: 9336
Type: remote
Severity: 6/10
Description: DoS conditions, information leak.
Affected products: LIGHTTPD : lighttpd 1.4
CVE: CVE-2008-4360 (mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.)
 CVE-2008-4359 (lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.)
 CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.)
Original text: DEBIAN, [SECURITY] [DSA-1645-1] New lighttpd packages fix various problems (06.10.2008)
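
The ordering problem described for CVE-2008-4359, shown as an added example (not lighttpd's code and not part of the original advisory): a rule tested against the raw URI versus the URL-decoded one. A plain prefix comparison stands in for the url.rewrite / url.redirect pattern match, and the function names, the `/private/` rule and the sample URIs are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int hex_val(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode %XX escapes into dst (needs strlen(src)+1 bytes).
 * Returns -1 on a malformed escape or an encoded NUL byte. */
int url_decode(const char *src, char *dst) {
    while (*src) {
        if (*src == '%') {
            int hi = hex_val((unsigned char)src[1]);
            int lo = hi < 0 ? -1 : hex_val((unsigned char)src[2]);
            if (lo < 0 || (hi == 0 && lo == 0)) return -1;
            *dst++ = (char)(hi * 16 + lo);
            src += 3;
        } else {
            *dst++ = *src++;
        }
    }
    *dst = '\0';
    return 0;
}

/* Simplified stand-in for a configured pattern: prefix match (assumption). */
static int rule_hits(const char *rule_prefix, const char *path) {
    return strncmp(path, rule_prefix, strlen(rule_prefix)) == 0;
}

/* Order the CVE describes: the rule is compared with the undecoded URI. */
int match_raw(const char *rule_prefix, const char *uri) { return rule_hits(rule_prefix, uri); }

/* Decode first, then compare. Returns 1 = rule applies, 0 = it does not,
 * -1 = URI is malformed or too long and the request should be rejected. */
int match_decoded(const char *rule_prefix, const char *uri) {
    char buf[256];
    if (strlen(uri) >= sizeof buf || url_decode(uri, buf) != 0) return -1;
    return rule_hits(rule_prefix, buf);
}

int main(void) {
    const char *uris[] = { "/private/a.txt", "/%70rivate/a.txt", "/public/a.txt", "/private/%zz" };
    for (int i = 0; i < 4; i++)   /* constructed sample URIs, rule "/private/" */
        printf("%-18s raw=%d decoded=%d\n", uris[i], match_raw("/private/", uris[i]), match_decoded("/private/", uris[i]));
    return 0;
}
```

A URI for which `match_raw` returns 0 while `match_decoded` returns 1 is one where the two orderings disagree, which is the condition the 1.4.20 fix removes.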

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod