Vulnerability & Exploit Database

Displaying all 5 entries

Results for: CVE-2008-4298

SUSE Linux Security Advisory: SUSE-SR:2008:026 Vulnerability

  • Severity: 10
  • Published: November 20, 2008

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.

FreeBSD: lighttpd -- multiple vulnerabilities (Multiple CVEs) Vulnerability

  • Severity: 8
  • Published: October 03, 2008

mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration r...

SUSE Linux Security Vulnerability: CVE-2008-4298 Vulnerability

  • Severity: 5
  • Published: September 27, 2008

Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.

lighttpd: memory leak in request header handling (CVE-2008-4298) Vulnerability

  • Severity: 5
  • Published: September 27, 2008

Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.

Gentoo Linux: CVE-2008-4298: lighttpd: Multiple vulnerabilities Vulnerability

  • Severity: 5
  • Published: September 27, 2008

Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.