Описание
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.4.28-2ubuntu4 |
| hardy | not-affected | 1.4.19-0ubuntu3.1 |
| lucid | not-affected | 1.4.26-1.1ubuntu3.1 |
| oneiric | not-affected | 1.4.28-2ubuntu2.1 |
| precise | not-affected | 1.4.28-2ubuntu4 |
| quantal | not-affected | 1.4.28-2ubuntu4 |
| upstream | released | 1.4.31-2 |
Показывать по
Ссылки на источники
5 Medium
CVSS2
Связанные уязвимости
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
The http_request_split_value function in request.c in lighttpd before ...
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
5 Medium
CVSS2