1405 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-12642
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attack...
CVE-2025-12642
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...
Lighttpd 1.4.80 HTTP Request/Response Smuggling Vulnerability
Lighttpd is prone to an HTTP request/response smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-12642
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...
CVE-2025-12642
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...
UBUNTU-CVE-2025-12642
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...
CVE-2025-12642 HTTP Header Smuggling via Trailer Merge
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...
CVE-2025-12642
Lighttpd 1.4.80 is affected by an HTTP header smuggling vulnerability caused by incorrectly merging trailer fields into headers during request parsing. This can enable bypassing access controls and injecting unsafe input into backend logic that relies on headers, with potential for HTTP Request S...
CVE-2025-12642 HTTP Header Smuggling via Trailer Merge
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...
CVE-2025-12642
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...
PT-2025-44791
Name of the Vulnerable Software and Affected Versions lighttpd version 1.4.80 Description The software improperly merges trailer fields into headers following HTTP request parsing, which can be leveraged to carry out HTTP Header Smuggling attacks. Successful exploitation could allow an attacker t...
lighttpd 安全漏洞
lighttpd is an open source web server from the individual developer Jan Kneschke in Germany. A security vulnerability exists in lighttpd version 1.4.80, which stems from incorrectly merging trailing fields into headers, which could lead to HTTP header smuggling attacks, bypassing access control...
OESA-2025-2464 lighttpd security update
Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more...
MGASA-2025-0239 Updated varnish & lighttpd packages fix security vulnerability
It was discovered that a denial of service attack can be performed on cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing...
Updated varnish & lighttpd packages fix security vulnerability
It was discovered that a denial of service attack can be performed on cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing...
Mageia: Security Advisory (MGASA-2025-0239)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EUVD-2013-4369
Malware in sbrugna...
EUVD-2018-5989
Malware in sbrugna...
EUVD-2008-0990
Malware in sbrugna...
EUVD-2018-21592
Malware in sbrugna...