CVE-2010-0295

Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 03 Feb 2010, 19:00
Last modified: 07 Aug 2024, 00:45

Vulnerability Summary

Overall Risk (default): medium, 31/100
CVSS Score: 5 MEDIUM, v2.0 (nvd)
EPSS Score: 5.56% LOW
KEV: Not listed
Ransomware: No reports
Public exploits: 2 found
Dark Web: Not detected

Timeline

  • 03 Feb 2010, 19:00: Published. Vulnerability first disclosed.
  • 07 Aug 2024, 00:45: Last Modified. Vulnerability information updated.

Description

lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.

CVSS Metrics

  • v2.0, MEDIUM, Score: 5, Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 5.56% Percentile: 90%

Techniques & Countermeasures

  • CWE-399: Resource Management Errors

    Weaknesses in this category are related to improper management of system resources.

Affected Systems

  • lighttpd lighttpd

    ≤ 1.4.25 | 1.0.2 | 1.0.3 | 1.1.0 | 1.1.1 | 1.1.2 | 1.1.3 | 1.1.4 | 1.1.5 | 1.1.6 | 1.1.7 | 1.1.8 | 1.1.9 | 1.2.0 | 1.2.1 | 1.2.2 | 1.2.3 | 1.2.5 | 1.2.6 | 1.2.7 | 1.2.8 | 1.3.0 | 1.3.1 | 1.3.2 | 1.3.3 | 1.3.4 | 1.3.5 | 1.3.6 | 1.3.8 | 1.3.9 | 1.3.10 | 1.3.11 | 1.3.12 | 1.3.13 | 1.3.14 | 1.3.15 | 1.3.16 | 1.4.0 | 1.4.2 | 1.4.3 | 1.4.4 | 1.4.5 | 1.4.6 | 1.4.7 | 1.4.8 | 1.4.9 | 1.4.10 | 1.4.11 | 1.4.12 | 1.4.13 | 1.4.14 | 1.4.15 | 1.4.16 | 1.4.17 | 1.4.18 | 1.4.19 | 1.4.20 | 1.4.21 | 1.4.22 | 1.4.23 | 1.4.24 | 1.5.0

References (19)