CVE-2007-1869

Publication date 18 April 2007

Last updated 17 July 2025

Ubuntu priority

Description

lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
lighttpd	7.10 gutsy	Fixed 1.4.18-1ubuntu1
	7.04 feisty	Fixed 1.4.13-9ubuntu4.2
	6.10 edgy	Fixed 1.4.13~r1370-1ubuntu1.3
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

fujitsu

Scott noted in the bug that Dapper isn't affected.

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-1869