Skip to content

p0dalirius/CVE-2022-30780-lighttpd-denial-of-service

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

.github

.github

 
 

tests

tests

 
 

CVE-2022-30780-lighttpd-denial-of-service.py

CVE-2022-30780-lighttpd-denial-of-service.py

 
 

README.md

README.md

 
 

generate_tests.py

generate_tests.py

 
 

vulnerable_versions.md

vulnerable_versions.md

 
 

Repository files navigation

CVE-2022-30780 - lighttpd remote denial of service

CVE-2022-30780 - lighttpd remote denial of service
GitHub release (latest by date) YouTube Channel Subscribers

Summary

An unauthenticated attacker can send an HTTP request with an URL overflowing the maximum URL length, resulting in a denial of service.

Vulnerable versions

The following versions of lighttpd are vulnerable:

Software Version Vulnerable
Lighttpd 1.4.58 Yes ✅
Lighttpd 1.4.57 Yes ✅
Lighttpd 1.4.56 Yes ✅

Usage

$ ./CVE-2022-30780-lighttpd-denial-of-service.py -h
usage: CVE-2022-30780-lighttpd-denial-of-service.py [-h] [-v] -u URL [-k] [-t THREADS]

CVE-2022-30780-lighttpd-denial-of-service

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Verbose mode
  -u URL, --url URL     URL to connect to.
  -k, --insecure        Allow insecure server connections when using SSL (default: False)
  -t THREADS, --threads THREADS
                        Number of threads (default: 20)

Demonstration

demo.mp4

References

About

CVE-2022-30780 - lighttpd remote denial of service

podalirius.net/

Topics

exploit service remote lighttpd cve pentest denial cve-2022-30780

Resources

Readme
Activity

Stars

16 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases 1

1.1 Latest
May 18, 2022

Sponsor this project

  •  
Learn more about GitHub Sponsors

Languages