CVE-2010-0295
CVE-2010-0295
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/33591não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_inhttp://download.lighttpd.net/lighttpd/security/lighttpd-1.4.x_fix_slow_request_dos.patchhttp://download.lighttpd.net/lighttpd/security/lighttpd-1.5_fix_slow_request_dos.patchhttp://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txthttp://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-May/041296.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-May/041307.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.htmlhttp://redmine.lighttpd.net/issues/2147http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2710http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2711http://secunia.com/advisories/38403