The host is running Lighttpd HTTP Server and is prone to denial of service vulnerability.

Successful exploitation could allow attackers to cause a denial of service via crafted Connection header values. Impact Level: Application

Upgrade to 1.4.32 or apply the patch from, http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.31_fix_connection_header_dos.patch

The flaw is due to an error when processing certain Connection header values leading to enter in an endless loop denying further request processing.

Lighttpd version 1.4.31

• http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt
• http://seclists.org/fulldisclosure/2012/Nov/156
• http://seclists.org/oss-sec/2012/q4/320
• http://www.exploit-db.com/exploits/22902
• http://www.lighttpd.net/2012/11/21/1-4-32

---

Updated on 2015-03-25