Search for vulnerabilities
Vulnerability details: VCID-7543-w9h5-aaac
Vulnerability ID VCID-7543-w9h5-aaac
Aliases CVE-2008-0983
Summary lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Status Published
Exploitability 0.5
Weighted Severity 4.5
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-399 Resource Management Errors
System Score Found at
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.0409 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.04981 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.05704 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.09860 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.09860 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.09860 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.09860 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.09860 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.10214 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.10360 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.10360 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.10360 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.10360 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.10360 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
epss 0.10621 https://api.first.org/data/v1/epss?cve=CVE-2008-0983
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=434163
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2008-0983
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0983.json
https://api.first.org/data/v1/epss?cve=CVE-2008-0983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0983
http://secunia.com/advisories/29066
http://secunia.com/advisories/29166
http://secunia.com/advisories/29209
http://secunia.com/advisories/29268
http://secunia.com/advisories/29622
http://secunia.com/advisories/31104
http://security.gentoo.org/glsa/glsa-200803-10.xml
https://issues.rpath.com/browse/RPL-2284
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00162.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00180.html
http://trac.lighttpd.net/trac/ticket/1562
http://wiki.rpath.com/Advisories:rPSA-2008-0084
http://www.debian.org/security/2008/dsa-1609
http://www.securityfocus.com/archive/1/488926/100/0/threaded
http://www.securityfocus.com/bid/27943
http://www.vupen.com/english/advisories/2008/0659/references
434163 https://bugzilla.redhat.com/show_bug.cgi?id=434163
466663 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466663
cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:1.4.14:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:1.4.17:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:*
CVE-2008-0983 https://nvd.nist.gov/vuln/detail/CVE-2008-0983
GLSA-200803-10 https://security.gentoo.org/glsa/200803-10
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-0983
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.8799
EPSS Score 0.0409
Published At May 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.