lighttpd < 1.4.20 Multiple Vulnerabilities

high Nessus Plugin ID 34332

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.20. It is, therefore, affected by multiple vulnerabilities :

- A denial of service vulnerability exists in the connection_state_machine() function that is triggered when disconnecting before a download has finished. An unauthenticated, remote attacker can exploit this to cause all active SSL connections to be lost.
(CVE-2008-1531)

- A memory leak flaw exists in the http_request_parse() function. An unauthenticated, remote attacker can exploit this, via a large number of requests with duplicate request headers, to cause a denial of service condition. (CVE-2008-4298)

- A security bypass vulnerability exists due to comparing URIs to patterns in url.redirect and url.rewrite configuration settings before performing URL decoding.
An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure or modification of sensitive data.
(CVE-2008-4359)

- A security bypass vulnerability exists in mod_userdir due to performing case-sensitive comparisons even on case-insensitive operating systems and file systems. An unauthenticated, remote attacker can exploit this to bypass intended access restrictions, resulting in the disclosure of sensitive information. (CVE-2008-4360)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to lighttpd version 1.4.20 or later.

See Also

https://redmine.lighttpd.net/issues/285

https://redmine.lighttpd.net/issues/1589

https://redmine.lighttpd.net/issues/1774

http://www.nessus.org/u?3d6f179d

Plugin Details

Severity: High

ID: 34332

File Name: lighttpd_1_4_20.nasl

Version: 1.20

Type: remote

Family: Web Servers

Published: 10/3/2008

Updated: 7/13/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:lighttpd:lighttpd

Required KB Items: installed_sw/lighttpd, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-1531, CVE-2008-4298, CVE-2008-4359, CVE-2008-4360

BID: 28489, 31434, 31599, 31600

CWE: 200, 399