FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lighttpd -- denial of service vulnerability

Affected packages
lighttpd < 1.4.26

Details

VuXML ID: 1a3bd81f-1b25-11df-bd1a-002170daae37
Discovery: 2010-02-02
Entry: 2010-02-16

Lighttpd security advisory reports:

If you send the request data very slowly (e.g. sleep 0.01 after each byte), lighttpd will easily use all available memory and die (especially for parallel requests), allowing a DoS within minutes.

References

Bugtraq ID: 38036
CVE Name: CVE-2010-0295
URL: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt