In association with heise online

29 September 2008, 10:31

DoS vulnerability in Lighttpd server

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Lighttpd, the lightweight web server, is vunerable to a denial of service attack due to a memory leak. If the server is exposed to HTTP requests with duplicated request data, the memory for previous request data is not released, leaking memory which could eventually slow or stop the server.

The error has been found in Lighttpd 1.4.19, with a source code patch available which has been integrated into the Lighthttpd repository, which also fixes the issue for the pre-release Lighttpd 1.4.20 which should be available soon.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit