ID

VAR-201904-0995


CVE

CVE-2019-11072


TITLE

Lighttpd input validation error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-13852 // CNNVD: CNNVD-201904-539

DESCRIPTION

lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit. ** Unsettled ** This case has not been confirmed as a vulnerability. lighttpd Contains an integer overflow vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2019-11072Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lighttpd is an open source web server for German JanKneschke software developers. An input validation error vulnerability exists in versions prior to lighttpd 1.4.54. The vulnerability stems from a network system or product that does not properly validate the input data. An attacker exploited the vulnerability to cause a denial of service or code execution vulnerability. lighttpd is prone to an integer overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed

Trust: 2.52

sources: NVD: CVE-2019-11072 // JVNDB: JVNDB-2019-003364 // CNVD: CNVD-2019-13852 // BID: 107907 // VULMON: CVE-2019-11072

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-13852

AFFECTED PRODUCTS

vendor:lighttpdmodel:lighttpdscope:lteversion:1.4.53

Trust: 1.0

vendor:lighttpdmodel:lighttpdscope:ltversion:1.4.54

Trust: 0.8

vendor:janmodel:kneschke lighttpdscope:ltversion:1.4.54

Trust: 0.6

vendor:lighttpdmodel:lighttpdscope:eqversion:1.5

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.32

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.31

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.30

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.26

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.25

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.24

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.23

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.20

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.19

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.18

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.17

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.16

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.15

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.14

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.13

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.12

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.11

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.10

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.9

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.8

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.7

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.6

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.5

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.4

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.3

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.2

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.1

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.3.10

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.3.8

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.3.7

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.35

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.34

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:eqversion:1.4.33

Trust: 0.3

vendor:lighttpdmodel:lighttpdscope:neversion:1.4.54

Trust: 0.3

sources: CNVD: CNVD-2019-13852 // BID: 107907 // JVNDB: JVNDB-2019-003364 // NVD: CVE-2019-11072

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11072
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-11072
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-13852
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201904-539
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-11072
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-11072
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-13852
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-11072
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-13852 // VULMON: CVE-2019-11072 // JVNDB: JVNDB-2019-003364 // CNNVD: CNNVD-201904-539 // NVD: CVE-2019-11072

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.8

sources: JVNDB: JVNDB-2019-003364 // NVD: CVE-2019-11072

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-539

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-539

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003364

PATCH

title:[core] fix abort in http-parseopts (fixes #2945)url:https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354

Trust: 0.8

title:Bug #2945url:https://redmine.lighttpd.net/issues/2945

Trust: 0.8

title:Lighttpd enters a patch to verify the error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/160987

Trust: 0.6

title:lighttpd Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91354

Trust: 0.6

title:Debian CVElist Bug Report Logs: lighttpd: CVE-2019-11072url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=9b235b8ab3dbcb0acdb0f9df18f1403b

Trust: 0.1

title: - url:https://github.com/jreisinger/checkip

Trust: 0.1

sources: CNVD: CNVD-2019-13852 // VULMON: CVE-2019-11072 // JVNDB: JVNDB-2019-003364 // CNNVD: CNNVD-201904-539

EXTERNAL IDS

db:NVDid:CVE-2019-11072

Trust: 3.4

db:BIDid:107907

Trust: 2.6

db:JVNDBid:JVNDB-2019-003364

Trust: 0.8

db:CNVDid:CNVD-2019-13852

Trust: 0.6

db:CNNVDid:CNNVD-201904-539

Trust: 0.6

db:VULMONid:CVE-2019-11072

Trust: 0.1

sources: CNVD: CNVD-2019-13852 // VULMON: CVE-2019-11072 // BID: 107907 // JVNDB: JVNDB-2019-003364 // CNNVD: CNNVD-201904-539 // NVD: CVE-2019-11072

REFERENCES

url:http://www.securityfocus.com/bid/107907

Trust: 2.3

url:https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354

Trust: 2.0

url:https://redmine.lighttpd.net/issues/2945

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11072

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11072

Trust: 0.8

url:httpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354

Trust: 0.6

url:httpd/lig

Trust: 0.6

url:https://github.com/lig

Trust: 0.6

url:httpd.net/issues/2945

Trust: 0.6

url:https://redmine.lig

Trust: 0.6

url:http://www.lig

Trust: 0.6

url:httpd.net/versions/55

Trust: 0.6

url:httpd-denial-of-service-via-url-path-2f-decode-29025

Trust: 0.6

url:https://vigilance.fr/vulnerability/lig

Trust: 0.6

url:https://redmine.lighttpd.net/versions/55

Trust: 0.3

url:http://www.lighttpd.net/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/190.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=60000

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-13852 // VULMON: CVE-2019-11072 // BID: 107907 // JVNDB: JVNDB-2019-003364 // CNNVD: CNNVD-201904-539 // NVD: CVE-2019-11072

CREDITS

Stephan Zeisberg

Trust: 0.9

sources: BID: 107907 // CNNVD: CNNVD-201904-539

SOURCES

db:CNVDid:CNVD-2019-13852
db:VULMONid:CVE-2019-11072
db:BIDid:107907
db:JVNDBid:JVNDB-2019-003364
db:CNNVDid:CNNVD-201904-539
db:NVDid:CVE-2019-11072

LAST UPDATE DATE

2024-11-23T22:45:00.165000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-13852date:2019-05-13T00:00:00
db:VULMONid:CVE-2019-11072date:2023-11-07T00:00:00
db:BIDid:107907date:2019-04-09T00:00:00
db:JVNDBid:JVNDB-2019-003364date:2019-05-15T00:00:00
db:CNNVDid:CNNVD-201904-539date:2019-04-24T00:00:00
db:NVDid:CVE-2019-11072date:2024-11-21T04:20:29.117

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-13852date:2019-05-13T00:00:00
db:VULMONid:CVE-2019-11072date:2019-04-10T00:00:00
db:BIDid:107907date:2019-04-09T00:00:00
db:JVNDBid:JVNDB-2019-003364date:2019-05-15T00:00:00
db:CNNVDid:CNNVD-201904-539date:2019-04-10T00:00:00
db:NVDid:CVE-2019-11072date:2019-04-10T22:29:00.267