Lighttpd.mod_wstunnel.DoS

description-logoDescription

This indicates an attack attempt to exploit a Denial of Service Vulnerability in Lighttpd Project Lighttpd.
This vulnerability is due to insufficient handling of HTTP websocket handshake header requests. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successfully exploiting this vulnerability could result in denial of service and lead to crash.

affected-products-logoAffected Products

Lighttpd Project Lighttpd 1.4.63
Lighttpd Project Lighttpd 1.4.64
Lighttpd Project Lighttpd 1.4.65

Impact logoImpact

Denial of Service: Remote attackers can crash vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_66

Version Updates

Date Version Detail
2023-04-28 0.00347
2023-04-14 0.00346

CVE References

CVE-2022-37797