lighttpd < 1.4.20 Multiple Vulnerabilities

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

According to its banner, the version of lighttpd running on the remote
host is prior to 1.4.20. It is, therefore, affected by multiple
vulnerabilities :

- A denial of service vulnerability exists in the
connection_state_machine() function that is triggered
when disconnecting before a download has finished. An
unauthenticated, remote attacker can exploit this to
cause all active SSL connections to be lost.
(CVE-2008-1531)

- A memory leak flaw exists in the http_request_parse()
function. An unauthenticated, remote attacker can
exploit this, via a large number of requests with
duplicate request headers, to cause a denial of service
condition. (CVE-2008-4298)

- A security bypass vulnerability exists due to comparing
URIs to patterns in url.redirect and url.rewrite
configuration settings before performing URL decoding.
An unauthenticated, remote attacker can exploit this to
bypass intended access restrictions, resulting in the
disclosure or modification of sensitive data.
(CVE-2008-4359)

- A security bypass vulnerability exists in mod_userdir
due to performing case-sensitive comparisons even on
case-insensitive operating systems and file systems. An
unauthenticated, remote attacker can exploit this to
bypass intended access restrictions, resulting in the
disclosure of sensitive information. (CVE-2008-4360)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
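A banner-only check of the kind this note describes, as an added example (not Tenable's plugin code). The function name `classify_banner` and the sample `Server` header values are constructed for illustration. It shows why the comparison must be numeric and why a banner without a version leaves the result undecided.

```python
import re

FIXED = (1, 4, 20)  # first fixed release named in this advisory

# Product token must be exactly "lighttpd"; version is optional in the banner.
_PRODUCT = re.compile(r"^\s*lighttpd(?![\w-])", re.IGNORECASE)
_VERSION = re.compile(r"^\s*lighttpd/(\d+)\.(\d+)\.(\d+)(\S*)", re.IGNORECASE)


def classify_banner(server_header):
    """Classify a Server header value against the 1.4.20 threshold.

    Returns (verdict, detail); verdict is "affected", "not-affected",
    "unknown" or "not-lighttpd". "affected" only means the banner reports
    an older version: a vendor package with backported fixes can still
    report an old version string, so confirm on the host.
    """
    if server_header is None:
        return ("unknown", "no Server header")
    if not _PRODUCT.match(server_header):
        return ("not-lighttpd", server_header.strip())
    m = _VERSION.match(server_header)
    if not m:
        # The version can be hidden (lighttpd's server.tag overrides the
        # banner), so a banner check cannot decide either way.
        return ("unknown", "lighttpd banner without a parsable version")
    # Compare as integer tuples: as strings, "1.4.9" sorts after "1.4.20".
    version = tuple(int(part) for part in m.group(1, 2, 3))
    detail = "%d.%d.%d%s" % (version + (m.group(4),))
    return ("affected" if version < FIXED else "not-affected", detail)


if __name__ == "__main__":
    # Constructed sample banners, not taken from real hosts.
    samples = ["lighttpd/1.4.19", "lighttpd/1.4.9", "lighttpd/1.4.20",
               "lighttpd/1.4.35", "lighttpd", "Apache/2.2.9 (Unix)", None]
    for header in samples:
        print(repr(header), "->", classify_banner(header))
```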

See also :

https://redmine.lighttpd.net/issues/285
https://redmine.lighttpd.net/issues/1589
https://redmine.lighttpd.net/issues/1774
http://www.nessus.org/u?3d6f179d

Solution :

Upgrade to lighttpd version 1.4.20 or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 34332 (lighttpd_1_4_20.nasl)

Bugtraq ID: 28489, 31434, 31599, 31600

CVE ID: CVE-2008-1531, CVE-2008-4298, CVE-2008-4359, CVE-2008-4360