CVE-2012-5533

描述

The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.

受影響套件(1)

• Debian/lighttpdfrom 0, < 1.4.31-2

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-5533