CVE-2010-0295
Lighttpd < 1.4.25 - Resource Management Error
Title source: ruleDescription
lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.
Exploits (1)
References (19)
Scores
EPSS
0.0556
EPSS Percentile
90.3%
Details
CWE
CWE-399
Status
published
Products (50)
lighttpd/lighttpd
1.0.2
lighttpd/lighttpd
1.0.3
lighttpd/lighttpd
1.1.0
lighttpd/lighttpd
1.1.1
lighttpd/lighttpd
1.1.2
lighttpd/lighttpd
1.1.3
lighttpd/lighttpd
1.1.4
lighttpd/lighttpd
1.1.5
lighttpd/lighttpd
1.1.6
lighttpd/lighttpd
1.1.7
... and 40 more
Published
Feb 03, 2010
Tracked Since
Feb 18, 2026