Vulnerabilities

CVE-2012-5533

by Fred · 24/11/2012

The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.

Date published : 2012-11-24

http://www.securityfocus.com/bid/56619

http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt

Similar

Tags: Cybersecurity Alert