Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD1CD3CA42-33E6-11E2-A255-5404A67EEF98
HistoryNov 17, 2012 - 12:00 a.m.

lighttpd -- remote DoS in header parsing

2012-11-1700:00:00
vuxml.freebsd.org
30

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.663

Percentile

97.9%

JSON

Lighttpd security advisory reports:

Certain Connection header values will trigger an endless loop, for example:
โ€œConnection: TE,Keep-Aliveโ€
On receiving such value, lighttpd will enter an endless loop,
detecting an empty token but not incrementing the current string
position, and keep reading the โ€˜,โ€™ again and again.
This bug was introduced in 1.4.31, when we fixed an โ€œinvalid readโ€
bug (it would try to read the byte before the string if it started
with โ€˜,โ€™, although the value wasnโ€™t actually used).

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchlighttpd<ย 1.4.32UNKNOWN

Related

prion 1
ubuntucve 1
openvas 9
nessus 8
checkpoint_advisories 1
fedora 2
debiancve 1
seebug 2
nvd 1
cve 1
amazon 1
cvelist 1
exploitdb 1
zdt 1
packetstorm 1
exploitpack 1
myhack58 1
gentoo 1
osv 1
prion
prion
Cross site request forgery (csrf)
2012-11-24 20:55:00
ubuntucve
ubuntucve
CVE-2012-5533
2012-11-24 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2013-179)
2015-09-08 00:00:00
Fedora Update for lighttpd FEDORA-2013-15345
2013-09-06 00:00:00
FreeBSD Ports: lighttpd
2012-11-26 00:00:00
nessus
nessus
Fedora 18 : lighttpd-1.4.32-1.fc18 (2013-15344)
2013-09-04 00:00:00
Amazon Linux AMI : lighttpd (ALAS-2013-179)
2013-09-04 00:00:00
FreeBSD : lighttpd -- remote DoS in header parsing (1cd3ca42-33e6-11e2-a255-5404a67eef98)
2012-11-23 00:00:00
checkpoint_advisories
checkpoint_advisories
lighttpd Connection Header Parsing Denial of Service (CVE-2012-5533)
2012-12-16 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: lighttpd-1.4.32-1.fc18
2013-09-03 22:29:53
[SECURITY] Fedora 19 Update: lighttpd-1.4.32-1.fc19
2013-09-03 22:31:38
debiancve
debiancve
CVE-2012-5533
2012-11-24 20:55:04
seebug
seebug
lighttpd็•ธๅฝขHTTP ConnectionๅŸŸๅค„็†ๆ‹’็ปๆœๅŠกๆผๆดž
2012-11-23 00:00:00
lighttpd 1.4.31 Denial of Service PoC
2014-07-01 00:00:00
nvd
nvd
CVE-2012-5533
2012-11-24 20:55:04
cve
cve
CVE-2012-5533
2012-11-24 20:55:04
amazon
amazon
Medium: lighttpd
2013-04-11 17:24:00
cvelist
cvelist
CVE-2012-5533
2012-11-24 20:00:00
exploitdb
exploitdb
lighttpd 1.4.31 - Denial of Service (PoC)
2012-11-22 00:00:00
zdt
zdt
lighttpd 1.4.31 Denial of Service PoC
2012-11-21 00:00:00
packetstorm
packetstorm
Simple Lighttpd 1.4.31 Denial Of Service
2012-11-22 00:00:00
exploitpack
exploitpack
lighttpd 1.4.31 - Denial of Service (PoC)
2012-11-22 00:00:00
myhack58
myhack58
lighttpd domain processing denial of service vulnerability environment from the reproduction to the analysis-vulnerability warning-the black bar safety net
2017-08-23 00:00:00
gentoo
gentoo
lighttpd: Multiple vulnerabilities
2014-06-13 00:00:00
osv
osv
lighttpd-1.4.37-1.6 on GA media
2024-06-15 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.663

Percentile

97.9%

JSON
Related for 1CD3CA42-33E6-11E2-A255-5404A67EEF98
prion1ubuntucve1openvas9nessus8checkpoint_advisories1fedora2debiancve1seebug2nvd1cve1amazon1cvelist1exploitdb1zdt1packetstorm1exploitpack1myhack581gentoo1osv1