---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: lighttpd Multiple Vulnerabilities SECUNIA ADVISORY ID: SA26130 VERIFY ADVISORY: http://secunia.com/advisories/26130/ CRITICAL: Moderately critical IMPACT: Security Bypass, DoS WHERE: >From remote SOFTWARE: lighttpd 1.x http://secunia.com/product/4661/ DESCRIPTION: Some vulnerabilities have been reported in lighttpd, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service). 1) An error in the processing of HTTP headers can be exploited to cause a DoS by sending duplicate HTTP headers with a trailing whitespace character. 2) An error in mod_auth can be exploited to cause a DoS by sending requests with the algorithm set to "MD5-sess" and without a cnonce. 3) An error when parsing Auth-Digest headers in mod_auth can potentially be exploited to cause a DoS by sending multiple whitespace characters. 4) An error exists in the mechanism that limits the number of active connections. This can be exploited to cause a DoS. 5) An error exists in the processing of HTTP requests. This can be exploited to access restricted files by adding a "/" to an URL. 6) An error exists in mod_scgi. This can be exploited to cause a DoS by sending a SCGI request and closing the connection while lighttpd processes the request. The vulnerabilities are reported in lighttpd-1.4.15. Previous versions may also be affected. SOLUTION: Fixed in the developer branch. 1) http://trac.lighttpd.net/trac/changeset/1869?format=diff&new=1869 2), 3) http://trac.lighttpd.net/trac/changeset/1875?format=diff&new=1875 4) http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873 5) http://trac.lighttpd.net/trac/changeset/1871?format=diff&new=1871 6) http://trac.lighttpd.net/trac/changeset/1882?format=diff&new=1882 PROVIDED AND/OR DISCOVERED BY: 1) Olaf van der Spek 2, 3) Stefan Esser 4) pyunyh 5) jay 6) jtate ORIGINAL ADVISORY: 1) http://trac.lighttpd.net/trac/ticket/1232 2, 3) http://trac.lighttpd.net/trac/changeset/1875 4) http://trac.lighttpd.net/trac/ticket/1216 5) http://trac.lighttpd.net/trac/ticket/1230 6) http://trac.lighttpd.net/trac/ticket/1263 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------