CVE-2012-5533
lighttpd <1.4.32 - DoS
Title source: llmDescription
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
Exploits (1)
References (16)
Scores
EPSS
0.3791
EPSS Percentile
97.2%
Details
CWE
CWE-399
Status
published
Products (2)
lighttpd/lighttpd
1.4.31
lighttpd/lighttpd
1.4.32
Published
Nov 24, 2012
Tracked Since
Feb 18, 2026