CVE-2022-30780

7.5 HIGH

📋 TL;DR

A typo in Lighttpd's connection handling code causes the server to get stuck processing large HTTP headers, consuming CPU resources indefinitely. This allows remote attackers to cause denial of service by sending specially crafted requests. All Lighttpd servers running vulnerable versions are affected.

💻 Affected Systems

Products:
  • Lighttpd
Versions: 1.4.56 through 1.4.58
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations are vulnerable as the bug is in core connection handling code.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service unavailability due to CPU exhaustion, potentially affecting all hosted websites and applications.

🟠 Likely Case: Degraded performance and intermittent service disruptions as connections get stuck.

🟢 If Mitigated: Minimal impact with proper monitoring and rate limiting in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests with large headers can trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.59

Vendor Advisory: https://redmine.lighttpd.net/issues/3059

Restart Required: Yes

Instructions:

1. Download Lighttpd 1.4.59 or later from official sources.
2. Stop the Lighttpd service.
3. Install the new version.
4. Restart the Lighttpd service.

🔧 Temporary Workarounds

Rate Limit HTTP Headers (applies to: all platforms)

Configure a reverse proxy or WAF to limit header size and rate limit requests.

# Example nginx config:
client_header_buffer_size 1k;
large_client_header_buffers 4 8k;

🧯 If You Can't Patch

  • Deploy a reverse proxy or WAF in front of Lighttpd to filter malicious requests.
  • Implement network-level rate limiting and monitor for abnormal connection patterns.

🔍 How to Verify

Check if Vulnerable:

Check the Lighttpd version with: lighttpd -v
Versions 1.4.56 through 1.4.58 are affected.

Verify Fix Applied:

Confirm the version is 1.4.59 or higher with: lighttpd -v
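The version check above can be scripted so it can run across a fleet. The following POSIX shell script is an added example, not part of this advisory or of the Lighttpd project. It assumes that the first line of `lighttpd -v` begins with `lighttpd/<major>.<minor>.<patch>` (the banner format is an assumption), parses that version, and classifies it against the affected range 1.4.56 through 1.4.58 and the fixed release 1.4.59 stated on this page.

```shell
#!/bin/sh
# Added example (not from the advisory or the Lighttpd project):
# classify a `lighttpd -v` banner against CVE-2022-30780's affected range.

# Extract "major.minor.patch" from a banner such as
# "lighttpd/1.4.58 (ssl) - a light and fast webserver" (format assumed).
parse_lighttpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|^lighttpd/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p'
}

# Compare two dotted versions numerically; prints lt, eq or gt.
version_cmp() {
    old_ifs=$IFS
    IFS='. '
    set -- $1 $2          # six fields: a_major a_minor a_patch b_major b_minor b_patch
    IFS=$old_ifs
    for pair in "$1:$4" "$2:$5" "$3:$6"; do
        a=${pair%%:*}
        b=${pair#*:}
        if [ "$a" -lt "$b" ]; then echo lt; return; fi
        if [ "$a" -gt "$b" ]; then echo gt; return; fi
    done
    echo eq
}

# Status for CVE-2022-30780 based on the advisory's version data:
#   vulnerable              1.4.56 through 1.4.58
#   fixed                   1.4.59 or later
#   outside-affected-range  older than 1.4.56 (not listed as affected)
#   unknown                 banner could not be parsed
lighttpd_cve_2022_30780_status() {
    ver=$(parse_lighttpd_version "$1")
    [ -n "$ver" ] || { echo unknown; return; }
    if [ "$(version_cmp "$ver" 1.4.59)" != lt ]; then echo fixed; return; fi
    if [ "$(version_cmp "$ver" 1.4.56)" != lt ]; then echo vulnerable; return; fi
    echo outside-affected-range
}

# Live check when lighttpd is installed on this host; otherwise skipped.
if command -v lighttpd >/dev/null 2>&1; then
    banner=$(lighttpd -v 2>&1 | head -n 1)
    printf '%s -> %s\n' "$banner" "$(lighttpd_cve_2022_30780_status "$banner")"
fi
```

A "fixed" result only confirms the packaged version string; distributions that backport the patch without bumping the version will be reported as vulnerable, so cross-check with the distribution's changelog before closing the finding.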

📡 Detection & Monitoring

Log Indicators:

  • Multiple connections stuck in reading state
  • High CPU usage without corresponding request completion

Network Indicators:

  • HTTP requests with abnormally large headers
  • Multiple connections from single source with incomplete requests

SIEM Query:

source="lighttpd.log" AND ("stuck" OR "read_header" OR "connection_read_header_more")
