Description
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
Remediation
References
Related Vulnerabilities
WordPress Plugin Sermon Browser Cross-Site Scripting and SQL Injection Vulnerabilities (0.43)
WordPress Plugin Popup box SQL Injection (2.3.3)
WordPress Plugin WordPress Video Player Multiple Vulnerabilities (1.5.4)
WordPress Plugin WP Keyword Link Multiple Cross-Site Scripting Vulnerabilities (1.7)