Description
request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Abhisek Datta · rubyremotewindows
https://www.exploit-db.com/exploits/30322
References (13)
Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24967
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26158
Various Sources x_refsource_misc
http://trac.lighttpd.net/trac/changeset/1869
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38313
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2585
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26130
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/474131/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26593
Various Sources x_refsource_confirm
http://trac.lighttpd.net/trac/ticket/1232
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1362
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200708-11.xml
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_15_sr.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26505
Scores
EPSS
0.1649
EPSS Percentile
94.9%
Details
Status
published
Products (1)
lighttpd/lighttpd
< 1.4.15
Published
Jul 24, 2007
Tracked Since
Feb 18, 2026