Description

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

Remediation

References

CVE-2008-0983

Related Vulnerabilities

Moodle Improper Access Control Vulnerability (CVE-2016-2159)

WordPress Plugin KN Fix Your Title Cross-Site Scripting (1.0.1)

WordPress Plugin SagePay Server Gateway for WooCommerce Cross-Site Scripting (1.0.8)

Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1336)

Dot CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-3187)

Severity

Medium

Classification

CVE-2008-0983

Tags

Missing Update Known Vulnerabilities