FreeBSD : lighttpd -- remote DoS in header parsing (1cd3ca42-33e6-11e2-a255-5404a67eef98)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Lighttpd security advisory reports :

Certain Connection header values will trigger an endless loop, for
example : 'Connection: TE,,Keep-Alive'

On receiving such value, lighttpd will enter an endless loop,
detecting an empty token but not incrementing the current string
position, and keep reading the ',' again and again.

This bug was introduced in 1.4.31, when we fixed an 'invalid read' bug
(it would try to read the byte before the string if it started with
',', although the value wasn't actually used).

See also :

http://www.nessus.org/u?0046f90a

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 63016 ()

Bugtraq ID:

CVE ID: CVE-2012-5533