Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD1CD3CA42-33E6-11E2-A255-5404A67EEF98
HistoryNov 17, 2012 - 12:00 a.m.

lighttpd -- remote DoS in header parsing

2012-11-1700:00:00
vuxml.freebsd.org
26

0.711 High

EPSS

Percentile

98.0%

JSON

Lighttpd security advisory reports:

Certain Connection header values will trigger an endless loop, for example:
“Connection: TE,Keep-Alive”
On receiving such value, lighttpd will enter an endless loop,
detecting an empty token but not incrementing the current string
position, and keep reading the ‘,’ again and again.
This bug was introduced in 1.4.31, when we fixed an “invalid read”
bug (it would try to read the byte before the string if it started
with ‘,’, although the value wasn’t actually used).

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchlighttpd< 1.4.32UNKNOWN

Related

checkpoint_advisories 1
fedora 2
seebug 2
cve 1
debiancve 1
nessus 8
prion 1
openvas 9
ubuntucve 1
exploitpack 1
packetstorm 1
myhack58 1
amazon 1
cvelist 1
exploitdb 1
gentoo 1
checkpoint_advisories
checkpoint_advisories
lighttpd Connection Header Parsing Denial of Service (CVE-2012-5533)
2012-12-16 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: lighttpd-1.4.32-1.fc18
2013-09-03 22:29:53
[SECURITY] Fedora 19 Update: lighttpd-1.4.32-1.fc19
2013-09-03 22:31:38
seebug
seebug
lighttpd畸形HTTP Connection域处理拒绝服务漏洞
2012-11-23 00:00:00
lighttpd 1.4.31 Denial of Service PoC
2014-07-01 00:00:00
cve
cve
CVE-2012-5533
2012-11-24 20:55:00
debiancve
debiancve
CVE-2012-5533
2012-11-24 20:55:00
nessus
nessus
Amazon Linux AMI : lighttpd (ALAS-2013-179)
2013-09-04 00:00:00
Fedora 18 : lighttpd-1.4.32-1.fc18 (2013-15344)
2013-09-04 00:00:00
FreeBSD : lighttpd -- remote DoS in header parsing (1cd3ca42-33e6-11e2-a255-5404a67eef98)
2012-11-23 00:00:00
prion
prion
Cross site request forgery (csrf)
2012-11-24 20:55:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2013-179)
2015-09-08 00:00:00
FreeBSD Ports: lighttpd
2012-11-26 00:00:00
Fedora Update for lighttpd FEDORA-2013-15344
2013-09-06 00:00:00
ubuntucve
ubuntucve
CVE-2012-5533
2012-11-24 00:00:00
exploitpack
exploitpack
lighttpd 1.4.31 - Denial of Service (PoC)
2012-11-22 00:00:00
packetstorm
packetstorm
Simple Lighttpd 1.4.31 Denial Of Service
2012-11-22 00:00:00
myhack58
myhack58
lighttpd domain processing denial of service vulnerability environment from the reproduction to the analysis-vulnerability warning-the black bar safety net
2017-08-23 00:00:00
amazon
amazon
Medium: lighttpd
2013-04-11 17:24:00
cvelist
cvelist
CVE-2012-5533
2012-11-24 20:00:00
exploitdb
exploitdb
lighttpd 1.4.31 - Denial of Service (PoC)
2012-11-22 00:00:00
gentoo
gentoo
lighttpd: Multiple vulnerabilities
2014-06-13 00:00:00

0.711 High

EPSS

Percentile

98.0%

JSON
Related for 1CD3CA42-33E6-11E2-A255-5404A67EEF98
checkpoint_advisories1fedora2seebug2cve1debiancve1nessus8prion1openvas9ubuntucve1exploitpack1packetstorm1myhack581amazon1cvelist1exploitdb1gentoo1