CVE-2008-4298
lighttpd - various problems
EPSS 2.6%
Description
Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.
How to fix CVE-2008-4298
To remediate CVE-2008-4298, upgrade the affected package to one of the fixed versions listed below.
- Debian/lighttpd: upgrade to 1.4.19-5 or later
- Debian/lighttpd: upgrade to 1.4.13-4etch11 or later
Is CVE-2008-4298 being exploited?
Low — EPSS is 2.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/lighttpd: from 0, < 1.4.19-5
- Debian/lighttpd: from 0, < 1.4.13-4etch11