FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318877
Date:      2013-05-23
Time:      15:30:07Z
Committer: flo

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c6521b04-314b-11e1-9cf4-5404a67eef98lighttpd -- remote DoS in HTTP authentication

US-CERT/NIST reports:

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.


Discovery 2011-11-29
Entry 2011-12-28
lighttpd
lt 1.4.30

CVE-2011-4362
1a3bd81f-1b25-11df-bd1a-002170daae37lighttpd -- denial of service vulnerability

Lighttpd security advisory reports:

If you send the request data very slow (e.g. sleep 0.01 after each byte), lighttpd will easily use all available memory and die (especially for parallel requests), allowing a DoS within minutes.


Discovery 2010-02-02
Entry 2010-02-16
lighttpd
lt 1.4.26

38036
CVE-2010-0295
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt
c6521b04-314b-11e1-9cf4-5404a67eef98lighttpd -- remote DoS in HTTP authentication

US-CERT/NIST reports:

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.


Discovery 2011-11-29
Entry 2011-12-28
lighttpd
lt 1.4.30

CVE-2011-4362
1a3bd81f-1b25-11df-bd1a-002170daae37lighttpd -- denial of service vulnerability

Lighttpd security advisory reports:

If you send the request data very slow (e.g. sleep 0.01 after each byte), lighttpd will easily use all available memory and die (especially for parallel requests), allowing a DoS within minutes.


Discovery 2010-02-02
Entry 2010-02-16
lighttpd
lt 1.4.26

38036
CVE-2010-0295
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt