FreeBSD : lighttpd -- Remote DOS in CRLF parsing (d2b48d30-ea97-11db-a802-000fea2763ce)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Lighttpd SA :

If the connection aborts during parsing '\r\n\r\n' the server might
get into an infinite loop and use 100% of the CPU time. lighttpd still
responds to other requests. This can be repeated until either the
server limit for concurrent connections or file descriptors is
reached.

The bug was reported and fixed by Robert Jakabosky.

See also :

http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt
http://www.nessus.org/u?793c7751

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 25052 (freebsd_pkg_d2b48d30ea9711dba802000fea2763ce.nasl)

Bugtraq ID:

CVE ID: CVE-2007-1869
