5

CVE-2012-5533

Exploit
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LighttpdLighttpd Version1.4.31
LighttpdLighttpd Version1.4.32
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.04% 0.956
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.31_fix_connection_header_dos.patch
Patch
http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2012-11/msg00044.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00051.html
http://marc.info/?l=bugtraq&m=141576815022399&w=2
http://osvdb.org/87623
http://packetstormsecurity.org/files/118282/Simple-Lighttpd-1.4.31-Denial-Of-Service.html
http://secunia.com/advisories/51268
Vendor Advisory
http://secunia.com/advisories/51298
Vendor Advisory
http://www.exploit-db.com/exploits/22902
Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2013:100
http://www.openwall.com/lists/oss-security/2012/11/21/1
http://www.securityfocus.com/bid/56619
Exploit
http://www.securitytracker.com/id?1027802
https://exchange.xforce.ibmcloud.com/vulnerabilities/80213
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0345