Description

The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.

Remediation

References

CVE-2012-5533

Related Vulnerabilities

WordPress Plugin Quotes Collection Cross-Site Scripting (2.0.5)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37302)

WordPress Plugin DSubscribers SQL Injection (1.2)

WordPress Plugin WooCommerce Cross-Site Request Forgery (3.6.4)

PHP Other Vulnerability (CVE-2021-21707)

Severity

Medium

Classification

CVE-2012-5533

Tags

Missing Update Known Vulnerabilities