CVE-2012-5533

The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:lighttpd:lighttpd:1.4.32:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.31:*:*:*:*:*:*:*

Information

Published : 2012-11-24 12:55

Updated : 2017-08-28 18:32


NVD link : CVE-2012-5533

Mitre link : CVE-2012-5533


JSON object : View

CWE
CWE-399

Resource Management Errors

Advertisement

dedicated server usa

Products Affected

lighttpd

  • lighttpd