Vulnerabilities > CVE-2014-2469 - Remote Denial of Service vulnerability in Oracle Sunos 5.11.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 |
Nessus
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS11_LIGHTTPD_20140721.NASL |
description | The remote Solaris system is missing necessary patches to address security updates : - lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate. (CVE-2010-0295) - The configuration file for the FastCGI PHP support for lighthttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition. (CVE-2013-1427) - Unspecified vulnerability in Lighthttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors. (CVE-2014-2469) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 80699 |
published | 2015-01-19 |
reporter | This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/80699 |
title | Oracle Solaris Third-Party Patch Update : lighttpd (cve_2014_2469_denial_of) |
code |
|
Seebug
bulletinFamily | exploit |
description | Bugtraq ID:66599 CVE ID:CVE-2014-2469 lighttpd是一款HTTP服务程序。 lighttpd存在一个未明错误,允许远程攻击者利用漏洞提交恶意请求使服务程序崩溃。 0 lighttpd 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: https://blogs.oracle.com/sunsecurity/entry/cve_2014_2469_denial_of |
id | SSV:62079 |
last seen | 2017-11-19 |
modified | 2014-04-08 |
published | 2014-04-08 |
reporter | Root |
title | lighttpd拒绝服务漏洞 |