Oval Definition: oval:org.mitre.oval:def:7142
Revision Date: 2014-06-23
Version: 21
Title: DSA-1987 lighttpd -- denial of service
Description: Li Ming discovered that lighttpd, a small and fast webserver with minimal memory footprint, is vulnerable to a denial of service attack due to bad memory handling. Slowly sending very small chunks of request data causes lighttpd to allocate new buffers for each read instead of appending to old ones. An attacker can abuse this behaviour to cause denial of service conditions due to memory exhaustion.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2010-0295, DSA-1987
Platform(s): Debian GNU/Linux 4.0, Debian GNU/Linux 5.0
Product(s): lighttpd
Definition Synopsis
  • Release section
    • Debian GNU/Linux 5.0 is installed
    • AND Architecture section
      • Architecture independent section
        • Installed architecture is all
        • AND lighttpd-doc is earlier than 1.4.19-5+lenny1
      • OR Architecture dependent section
        • Supported architectures section
          • Installed architecture is s390
          • OR Installed architecture is amd64
          • OR Installed architecture is sparc
          • OR Installed architecture is arm
          • OR Installed architecture is i386
          • OR Installed architecture is armel
          • OR Installed architecture is mips
          • OR Installed architecture is ia64
          • OR Installed architecture is alpha
          • OR Installed architecture is powerpc
          • OR Installed architecture is hppa
        • AND Packages section
          • lighttpd-mod-mysql-vhost is earlier than 1.4.19-5+lenny1
          • OR lighttpd-mod-magnet is earlier than 1.4.19-5+lenny1
          • OR lighttpd is earlier than 1.4.19-5+lenny1
          • OR lighttpd-mod-cml is earlier than 1.4.19-5+lenny1
          • OR lighttpd-mod-webdav is earlier than 1.4.19-5+lenny1
          • OR lighttpd-mod-trigger-b4-dl is earlier than 1.4.19-5+lenny1
  • OR Release section
    • Debian GNU/Linux 4.0 is installed
    • AND Architecture section
      • Architecture independent section
        • Installed architecture is all
        • AND lighttpd-doc is earlier than 1.4.13-4etch12
      • OR Architecture dependent section
        • Supported architectures section
          • Installed architecture is s390
          • OR Installed architecture is amd64
          • OR Installed architecture is sparc
          • OR Installed architecture is arm
          • OR Installed architecture is i386
          • OR Installed architecture is ia64
          • OR Installed architecture is alpha
          • OR Installed architecture is powerpc
          • OR Installed architecture is mipsel
          • OR Installed architecture is hppa
        • AND Packages section
          • lighttpd-mod-mysql-vhost is earlier than 1.4.13-4etch12
          • OR lighttpd-mod-magnet is earlier than 1.4.13-4etch12
          • OR lighttpd is earlier than 1.4.13-4etch12
          • OR lighttpd-mod-cml is earlier than 1.4.13-4etch12
          • OR lighttpd-mod-webdav is earlier than 1.4.13-4etch12
          • OR lighttpd-mod-trigger-b4-dl is earlier than 1.4.13-4etch12