lighttpd 'http_auth.c' Remote Denial of Service Vulnerability
BID:50851
Info
| Bugtraq ID: | 50851 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2011-4362 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 29 2011 12:00AM |
| Updated: | Apr 16 2015 05:42PM |
| Credit: | Xi Wang |
| Vulnerable: | lighttpd lighttpd 1.4.26, lighttpd lighttpd 1.4.25, lighttpd lighttpd 1.4.24, lighttpd lighttpd 1.4.23, lighttpd lighttpd 1.4.20, lighttpd lighttpd 1.4.19, lighttpd lighttpd 1.4.18, lighttpd lighttpd 1.4.17, lighttpd lighttpd 1.4.16, lighttpd lighttpd 1.4.15, lighttpd lighttpd 1.4.14, lighttpd lighttpd 1.4.13, lighttpd lighttpd 1.4.12, lighttpd lighttpd 1.4.11, lighttpd lighttpd 1.4.10, lighttpd lighttpd 1.4.9, lighttpd lighttpd 1.4.8, lighttpd lighttpd 1.4.7, lighttpd lighttpd 1.4.6, lighttpd lighttpd 1.4.5, lighttpd lighttpd 1.4.4, lighttpd lighttpd 1.4.3, lighttpd lighttpd 1.4.2, lighttpd lighttpd 1.4.1, lighttpd lighttpd 1.4, lighttpd lighttpd 1.3.10, lighttpd lighttpd 1.3.8, lighttpd lighttpd 1.3.7, lighttpd lighttpd 1.4.10a, lighttpd lightrpd 1.4.23, Gentoo Linux, Debian Linux 6.0 sparc, Debian Linux 6.0 s/390, Debian Linux 6.0 powerpc, Debian Linux 6.0 mips, Debian Linux 6.0 ia-64, Debian Linux 6.0 ia-32, Debian Linux 6.0 arm, Debian Linux 6.0 amd64 |
| Not Vulnerable: | lighttpd lighttpd 1.4.30 |
Discussion
lighttpd is prone to a remote denial-of-service vulnerability.
Successful exploits may allow the attacker to cause the application to crash, resulting in denial-of-service conditions.
lighttpd versions before 1.4.30 are vulnerable.
Exploit / POC
Attackers can use a browser to exploit this vulnerability.
The following exploit is available:
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- lighttpd Homepage (lighttpd)
- out-of-bounds read due to signedness error (lighttpd)