Intrusion Prevention

Lighttpd.url-path-2f-decode.DoS

Description

This indicates an attack attempt to exploit a Denial of Service Vulnerability in Lighttpd Project Lighttpd.
A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the target server. Successful exploitation of this vulnerability could result in denial-of-service conditions on the target server.

Affected Products

Lighttpd Project Lighttpd prior to 1.4.54

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354

CVE References

CVE-2019-11072