In association with heise online

25 February 2008, 16:39

DoS vulnerability in the lighttpd web server

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A bug in the current version of the popular lighttpd open source lean web server can be used to remotely crash it. The vulnerability is due to a computation error when creating the global file descriptor array. This results in a memory error that crashes the server under heavy loads.

The bug has been confirmed in both the stable version 1.4.18, and the developer version 1.5. Previous versions after 1.4.8 are affected, since it introduced in that version, according to the bug comments. The error has already been remedied in the project's subversion repository. source code patches are also available for download. However, there is no official update yet.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit