CVE-2007-1870

Published: Apr 18, 2007Modified: Apr 23, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.

Affected (30)

Products: Lighttpd: Lighttpd

1 product

Configuration A

30 vulnerable

Vulnerable Software	Affected Versions
Lighttpd Lighttpd	Version 1.3.0
Lighttpd Lighttpd	Version 1.3.10
Lighttpd Lighttpd	Version 1.3.11
Lighttpd Lighttpd	Version 1.3.12
Lighttpd Lighttpd	Version 1.3.13
Lighttpd Lighttpd	Version 1.3.14
Lighttpd Lighttpd	Version 1.3.15
Lighttpd Lighttpd	Version 1.3.16
Lighttpd Lighttpd	Version 1.3.1
Lighttpd Lighttpd	Version 1.3.2
Lighttpd Lighttpd	Version 1.3.3
Lighttpd Lighttpd	Version 1.3.4
Lighttpd Lighttpd	Version 1.3.5
Lighttpd Lighttpd	Version 1.3.6
Lighttpd Lighttpd	Version 1.3.7
Lighttpd Lighttpd	Version 1.3.8
Lighttpd Lighttpd	Version 1.3.9
Lighttpd Lighttpd	Version 1.4.0
Lighttpd Lighttpd	Version 1.4.10
Lighttpd Lighttpd	Version 1.4.12
Lighttpd Lighttpd	Version 1.4.13
Lighttpd Lighttpd	Version 1.4.1
Lighttpd Lighttpd	Version 1.4.2
Lighttpd Lighttpd	Version 1.4.3
Lighttpd Lighttpd	Version 1.4.4
Lighttpd Lighttpd	Version 1.4.5
Lighttpd Lighttpd	Version 1.4.6
Lighttpd Lighttpd	Version 1.4.7
Lighttpd Lighttpd	Version 1.4.8
Lighttpd Lighttpd	Version 1.4.9

References (28)

http://secunia.com/advisories/24886

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/24947

Source: cve@mitre.org

http://secunia.com/advisories/24995

Source: cve@mitre.org

http://secunia.com/advisories/25166

Source: cve@mitre.org

http://secunia.com/advisories/25613

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200705-07.xml

Source: cve@mitre.org

http://www.debian.org/security/2007/dsa-1303

Source: cve@mitre.org

http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2007_007_suse.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/466464/30/6900/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/23515

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/1399

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/33678

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-1218

Source: cve@mitre.org

http://secunia.com/advisories/24886

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/24947

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/24995

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25166

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25613

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200705-07.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2007/dsa-1303

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2007_007_suse.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/466464/30/6900/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/23515

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/1399

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/33678

Source: af854a3a-2127-422b-91ae-364da2661108

https://issues.rpath.com/browse/RPL-1218

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.