Back to search
CVE-2010-0295
Published: Feb 3, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
38403
third-party-advisory
x_refsource_SECUNIA
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2711
x_refsource_CONFIRM
ADV-2011-0172
vdb-entry
x_refsource_VUPEN
39765
third-party-advisory
x_refsource_SECUNIA
http://redmine.lighttpd.net/issues/2147
x_refsource_CONFIRM
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt
x_refsource_CONFIRM
FEDORA-2010-7643
vendor-advisory
x_refsource_FEDORA
lighttpd-slow-request-dos(56038)
vdb-entry
x_refsource_XF
http://blogs.sun.com/security/entry/cve_2010_0295_vulnerability_in
x_refsource_CONFIRM
FEDORA-2010-7636
vendor-advisory
x_refsource_FEDORA
DSA-1987
vendor-advisory
x_refsource_DEBIAN
SUSE-SR:2010:003
vendor-advisory
x_refsource_SUSE
http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2710
x_refsource_CONFIRM
38036
vdb-entry
x_refsource_BID
[oss-security] 20100202 lighttpd: slow request dos/oom attack [CVE-2010-0295]
mailing-list
x_refsource_MLIST
FEDORA-2010-7611
vendor-advisory
x_refsource_FEDORA
GLSA-201006-17
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now