CVE-2012-5533

Published: 24/11/2012 Updated: 29/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The http_request_split_value function in request.c in lighttpd prior to 1.4.32 allows remote malicious users to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.

Vulnerable Product

lighttpd lighttpd 1.4.32

lighttpd lighttpd 1.4.31

Vendor Advisories

The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header ...

Exploits

    #!/bin/bash
    # Exploit Title: simple lighttpd 1.4.31 DOS POC
    # Date: 11/21/2012
    # Exploit Author: t4c@ghcifde
    # Vendor Homepage: www.lighttpd.net
    # Software Link: download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz
    # Version: 1.4.31
    # Tested on: Debian Linux, Gentoo Linux, Arch Linux
    # CVE: CVE-2012-5533
    if [ $# -lt ...

Simple Lighttpd version 1.4.31 denial of service proof of concept exploit ...