Lucene search
K

1405 matches found

Tenable Nessus
Tenable Nessus
added 2025/11/06 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-12642

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attack...

9.1CVSS5.5AI score0.00336EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/05 9:9 a.m.12 views

CVE-2025-12642

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...

9.1CVSS7AI score0.00336EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/11/04 12:0 a.m.5 views

Lighttpd 1.4.80 HTTP Request/Response Smuggling Vulnerability

Lighttpd is prone to an HTTP request/response smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.1CVSS6.7AI score0.00336EPSS
Exploits0References1
NVD
NVD
added 2025/11/03 8:17 p.m.10 views

CVE-2025-12642

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...

9.1CVSS0.00336EPSS
Exploits0References1
OSV
OSV
added 2025/11/03 8:17 p.m.10 views

CVE-2025-12642

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...

9.1CVSS7AI score
Exploits0References1
OSV
OSV
added 2025/11/03 8:17 p.m.7 views

UBUNTU-CVE-2025-12642

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...

9.1CVSS5.8AI score0.00336EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/03 7:36 p.m.19 views

CVE-2025-12642 HTTP Header Smuggling via Trailer Merge

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...

6.9CVSS0.00336EPSS
Exploits0References1
CVE
CVE
added 2025/11/03 7:36 p.m.20 views

CVE-2025-12642

Lighttpd 1.4.80 is affected by an HTTP header smuggling vulnerability caused by incorrectly merging trailer fields into headers during request parsing. This can enable bypassing access controls and injecting unsafe input into backend logic that relies on headers, with potential for HTTP Request S...

9.1CVSS6.6AI score0.00336EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/03 7:36 p.m.5 views

CVE-2025-12642 HTTP Header Smuggling via Trailer Merge

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...

6.9CVSS6.6AI score0.00336EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/11/03 7:36 p.m.9 views

CVE-2025-12642

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...

9.1CVSS5.2AI score0.00336EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.10 views

PT-2025-44791

Name of the Vulnerable Software and Affected Versions lighttpd version 1.4.80 Description The software improperly merges trailer fields into headers following HTTP request parsing, which can be leveraged to carry out HTTP Header Smuggling attacks. Successful exploitation could allow an attacker t...

6.9CVSS6.5AI score0.00336EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/03 12:0 a.m.5 views

lighttpd 安全漏洞

lighttpd is an open source web server from the individual developer Jan Kneschke in Germany. A security vulnerability exists in lighttpd version 1.4.80, which stems from incorrectly merging trailing fields into headers, which could lead to HTTP header smuggling attacks, bypassing access control...

9.1CVSS6.4AI score0.00336EPSS
Exploits0References2
OSV
OSV
added 2025/10/17 2:55 p.m.7 views

OESA-2025-2464 lighttpd security update

Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more...

7.5CVSS6.6AI score0.0351EPSS
Exploits3References2
OSV
OSV
added 2025/10/17 1:40 a.m.4 views

MGASA-2025-0239 Updated varnish & lighttpd packages fix security vulnerability

It was discovered that a denial of service attack can be performed on cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing...

7.5CVSS6.9AI score0.0351EPSS
Exploits3References4
Mageia
Mageia
added 2025/10/17 1:40 a.m.7 views

Updated varnish & lighttpd packages fix security vulnerability

It was discovered that a denial of service attack can be performed on cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing...

7.5CVSS6.9AI score0.0351EPSS
Exploits3References3
OpenVAS
OpenVAS
added 2025/10/17 12:0 a.m.6 views

Mageia: Security Advisory (MGASA-2025-0239)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.0351EPSS
Exploits3References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-4369

Malware in sbrugna...

7.5CVSS6.7AI score0.02626EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-5989

Malware in sbrugna...

10CVSS9.4AI score0.07016EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2008-0990

Malware in sbrugna...

5CVSS7.3AI score0.02312EPSS
Exploits0References20
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-21592

Malware in sbrugna...

5.3CVSS6AI score0.00662EPSS
Exploits0References7
Rows per page
Query Builder