Lucene search

K

Ubuntu.comUB:CVE-2012-5533

HistoryNov 24, 2012 - 12:00 a.m.

CVE-2012-5533

2012-11-2400:00:00

ubuntu.com

ubuntu.com

14

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.663

Percentile

97.9%

The http_request_split_value function in request.c in lighttpd before
1.4.32 allows remote attackers to cause a denial of service (infinite loop)
via a request with a header containing an empty token, as demonstrated
using the “Connection: TE,Keep-Alive” header.

References

download.lighttpd.net/lighttpd/security/lighttpd-1.4.31_fix_connection_header_dos.patch

download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt

lists.opensuse.org/opensuse-updates/2012-11/msg00044.html

osvdb.org/87623

secunia.com/advisories/51268

secunia.com/advisories/51298

www.exploit-db.com/exploits/22902

www.openwall.com/lists/oss-security/2012/11/21/1

www.securitytracker.com/id?1027802

launchpad.net/bugs/cve/CVE-2012-5533

nvd.nist.gov/vuln/detail/CVE-2012-5533

security-tracker.debian.org/tracker/CVE-2012-5533

www.cve.org/CVERecord?id=CVE-2012-5533

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.663

Percentile

97.9%

Related for UB:CVE-2012-5533

prion1 openvas9 nessus8 checkpoint_advisories1 fedora2 freebsd1 debiancve1 seebug2 nvd1 cve1 amazon1 cvelist1 exploitdb1 zdt1 packetstorm1 exploitpack1 myhack581 gentoo1 osv1