CVE-ID |
CVE-2012-5533
|
Description |
The http_request_split_value function in request.c in lighttpd before
1.4.32 allows remote attackers to cause a denial of service (infinite
loop) via a request with a header containing an empty token, as
demonstrated using the "Connection: TE,,Keep-Alive" header.
|
References |
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
|
- EXPLOIT-DB:22902
- URL:www.exploit-db.com/exploits/22902
- MLIST:[oss-security] 20121121 lighttpd 1.4.32 released, fixing CVE-2012-5533
- URL:www.openwall.com/lists/oss-security/2012/11/21/1
- MISC:download.lighttpd.net/lighttpd/security/lighttpd-1.4.31_fix_connection_header_dos.patch
- CONFIRM:download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt
- SUSE:openSUSE-SU-2012:1532
- URL:lists.opensuse.org/opensuse-updates/2012-11/msg00044.html
- BID:56619
- URL:www.securityfocus.com/bid/56619
- OSVDB:87623
- URL:osvdb.org/87623
- SECTRACK:1027802
- URL:www.securitytracker.com/id?1027802
- SECUNIA:51268
- URL:secunia.com/advisories/51268
- SECUNIA:51298
- URL:secunia.com/advisories/51298
|
Date Entry Created |
20121024 |
Disclaimer: The entry creation date may reflect when
the CVE-ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.
|
Phase (Legacy) |
Assigned (20121024) |
Votes (Legacy) |
|
Comments (Legacy) |
|
Proposed (Legacy) |
N/A |