lighttpd

• Author: Miklos Vajna
• Vulnerable: 1.4.19-2
• Unaffected: 1.4.20-1solaria1

A weakness and two vulnerabilities have been reported in lighttpd, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

1. A vulnerability is caused due to a memory leak within the “http_request_parse()” function when processing duplicate request headers and can be exploited to exhaust all available memory.
2. A vulnerability is caused due to the “mod_userdir” module not correctly handling filenames on case insensitive file systems. This can be exploited to e.g. disclose potentially sensitive information by sending requests with mixed upper and lowercase characters.
3. A weakness is caused due to lighttpd not decoding requests before matching them with rewrite and redirect rules. This can be exploited to e.g. bypass the rewrite and redirect rules.

• Bug Tracker URL: http://bugs.frugalware.org/task/3375

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4298
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4360