https://github.com/p0dalirius/cve-2022-30780-lighttpd-denial-of-service

CVE-2022-30780 - lighttpd remote denial of service
https://github.com/p0dalirius/cve-2022-30780-lighttpd-denial-of-service

cve cve-2022-30780 denial exploit lighttpd pentest remote service

Last synced: about 2 months ago
JSON representation

CVE-2022-30780 - lighttpd remote denial of service

• Host: GitHub
• URL: https://github.com/p0dalirius/cve-2022-30780-lighttpd-denial-of-service
• Owner: p0dalirius
• Created: 2022-05-18T12:01:17.000Z (over 2 years ago)
• Default Branch: master
• Last Pushed: 2024-03-16T08:26:24.000Z (9 months ago)
• Last Synced: 2024-05-01T17:26:38.876Z (8 months ago)
• Topics: cve, cve-2022-30780, denial, exploit, lighttpd, pentest, remote, service
• Language: Perl
• Homepage: https://podalirius.net/
• Size: 4.03 MB
• Stars: 16
• Watchers: 2
• Forks: 4
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# CVE-2022-30780 - lighttpd remote denial of service



   CVE-2022-30780 - lighttpd remote denial of service

   


   

   

   

   


   




## Summary

An unauthenticated attacker can send an HTTP request with an URL overflowing the maximum URL length, resulting in a denial of service.

### Vulnerable versions

The following versions of lighttpd are vulnerable:

| Software | Version                                                                                       | Vulnerable                |

|----------|-----------------------------------------------------------------------------------------------|---------------------------|

| Lighttpd | [1.4.58](https://api.github.com/repos/lighttpd/lighttpd1.4/zipball/refs/tags/lighttpd-1.4.58) | [Yes :white_check_mark:](./tests/1.4.58/) |

| Lighttpd | [1.4.57](https://api.github.com/repos/lighttpd/lighttpd1.4/zipball/refs/tags/lighttpd-1.4.57) | [Yes :white_check_mark:](./tests/1.4.57/) |

| Lighttpd | [1.4.56](https://api.github.com/repos/lighttpd/lighttpd1.4/zipball/refs/tags/lighttpd-1.4.56) | [Yes :white_check_mark:](./tests/1.4.56/) |

## Usage

```

$ ./CVE-2022-30780-lighttpd-denial-of-service.py -h

usage: CVE-2022-30780-lighttpd-denial-of-service.py [-h] [-v] -u URL [-k] [-t THREADS]

CVE-2022-30780-lighttpd-denial-of-service

optional arguments:

  -h, --help            show this help message and exit

  -v, --verbose         Verbose mode

  -u URL, --url URL     URL to connect to.

  -k, --insecure        Allow insecure server connections when using SSL (default: False)

  -t THREADS, --threads THREADS

                        Number of threads (default: 20)

```

## Demonstration

https://user-images.githubusercontent.com/79218792/169104678-62d1c35e-252d-4174-8a1d-3af7e4462ff2.mp4

## References

 - https://github.com/lighttpd/lighttpd1.4

 - https://podalirius.net/en/cves/2022-30780/

 - https://redmine.lighttpd.net/issues/3059