The http_request_split_value function in request.c in lighttpd prior to 1.4.32 allows remote malicious users to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
Vulnerable Product |
---|
lighttpd lighttpd 1.4.32 |
lighttpd lighttpd 1.4.31 |
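
The failure mode in the description, an empty token stalling a header-value splitter, is avoided when the loop consumes the separator before it decides what to do with the token. The following is an added example, not lighttpd's code or its fix; `split_header_value`, `MAX_TOKENS` and `MAX_TOKEN_LEN` are hypothetical names, and the input string is the header value quoted in the description.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TOKENS 8        /* hypothetical limits for this example */
#define MAX_TOKEN_LEN 32

/* Hypothetical helper, not lighttpd's http_request_split_value().
 * Splits a comma-separated header value into trimmed tokens.
 * Returns the number of tokens stored, or -1 if a token is too long
 * or there are more tokens than max_out. Empty tokens are skipped. */
int split_header_value(const char *value, char out[][MAX_TOKEN_LEN], int max_out)
{
    const char *p = value;
    int n = 0;

    while (*p != '\0') {
        /* Skip leading whitespace. */
        while (*p == ' ' || *p == '\t') p++;

        /* Scan to the end of this token. */
        const char *start = p;
        while (*p != '\0' && *p != ',') p++;
        const char *end = p;

        /* Consume the separator first, so every iteration advances
         * even when the token between two commas is empty. */
        if (*p == ',') p++;

        /* Trim trailing whitespace. */
        while (end > start && (end[-1] == ' ' || end[-1] == '\t')) end--;

        size_t len = (size_t)(end - start);
        if (len == 0) continue;   /* empty token: skip, input already advanced */
        if (len >= MAX_TOKEN_LEN || n >= max_out) return -1;

        memcpy(out[n], start, len);
        out[n][len] = '\0';
        n++;
    }
    return n;
}

int main(void)
{
    char toks[MAX_TOKENS][MAX_TOKEN_LEN];
    int n = split_header_value("TE,,Keep-Alive", toks, MAX_TOKENS);
    for (int i = 0; i < n; i++) printf("%d: %s\n", i, toks[i]);
    return n < 0;
}
```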