VDB
CVE-2007-1869
CVE-2007-1869
PUBLISHED
CVSS 5 MEDIUM
lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.
EPSS 5.59% · 90.5th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
5.59%
90.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| lighttpd | lighttpd | 1.4.12, 1.4.13 |
Timeline
- Apr 18, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 1, 2022 CVE Updated
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Apr 23, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 25613 third-party-advisory
- GLSA-200705-07 vendor-advisory
- ADV-2007-1399 vdb
- 24947 third-party-advisory
- SUSE-SR:2007:007 vendor-advisory
- lighttpd-rnrn-dos(33671) vdb
- 24995 third-party-advisory
- https://issues.rpath.com/browse/RPL-1218 url
- DSA-1303 vendor-advisory
- 23515 vdb
- http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt url
- 20070420 FLEA-2007-0011-1: lighttpd mailing-list
- 25166 third-party-advisory
- 24886 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2007-1869 advisory