3 matches found
CVE-2025-12642
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...
CVE-2025-12642 HTTP Header Smuggling via Trailer Merge
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts reque...
CVE-2025-12642
Lighttpd 1.4.80 is affected by an HTTP header smuggling vulnerability caused by incorrectly merging trailer fields into headers during request parsing. This can enable bypassing access controls and injecting unsafe input into backend logic that relies on headers, with potential for HTTP Request S...