The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
Max CVSS
5.0
EPSS Score
71.09%
Published
2012-11-24
Updated
2017-08-29
1 vulnerabilities found