Launchpad.net

CVE 2007-1869

lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.

Related bugs and status

CVE-2007-1869 (Candidate) is related to these bugs:

Bug #106416: 2 new security fixes in 1.4.14

Summary				In	Importance	Status
	106416	2 new security fixes in 1.4.14		lighttpd (Ubuntu)	Medium	Fix Released

Bug #107628: DoS-vulnerability in lighttpd

		In	Importance	Status
107628	DoS-vulnerability in lighttpd	lighttpd (Ubuntu)	Medium	Fix Released
107628	DoS-vulnerability in lighttpd	lighttpd (Ubuntu Dapper)	Undecided	Fix Released
107628	DoS-vulnerability in lighttpd	lighttpd (Ubuntu Edgy)	Undecided	Fix Released
107628	DoS-vulnerability in lighttpd	lighttpd (Ubuntu Feisty)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.lighttpd.ne...
SECUNIA: 24886
SUSE: SUSE-SR:2007:007
BID: 23515
SECUNIA: 24995
GENTOO: GLSA-200705-07
SECUNIA: 25166
CONFIRM: https://issues.rpath.c...
SECUNIA: 24947
DEBIAN: DSA-1303
SECUNIA: 25613
VUPEN: ADV-2007-1399
XF: lighttpd-rnrn-dos(33671)
BUGTRAQ: 20070420 FLEA-2007-001...