CVE-2012-5533
published 2012-11-24CVE-2012-5533: The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request…
PriorityP430medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
12.04%
95.6th percentile
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | lighttpd | < lighttpd 1.4.31-2 (bookworm) | lighttpd 1.4.31-2 (bookworm) |
| lighttpd | lighttpd | — | — |
| lighttpd | lighttpd | — | — |
| lighttpd | lighttpd | >= 0 < 1.4.31-2 | 1.4.31-2 |
| lighttpd | lighttpd | >= 0 < 1.4.31-2 | 1.4.31-2 |
| lighttpd | lighttpd | >= 0 < 1.4.31-2 | 1.4.31-2 |
| lighttpd | lighttpd | >= 0 < 1.4.31-2 | 1.4.31-2 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v87j-h4pq-fh3j: The http_request_split_value function in request
ghsa_unreviewed·2022-05-17
CVE-2012-5533 [MEDIUM] GHSA-v87j-h4pq-fh3j: The http_request_split_value function in request
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
OSV
CVE-2012-5533: The http_request_split_value function in request
osv·2012-11-24·CVSS 5.0
CVE-2012-5533 [MEDIUM] CVE-2012-5533: The http_request_split_value function in request
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
Debian
CVE-2012-5533: lighttpd - The http_request_split_value function in request.c in lighttpd before 1.4.32 all...
vendor_debian·2012·CVSS 5.0
CVE-2012-5533 [MEDIUM] CVE-2012-5533: lighttpd - The http_request_split_value function in request.c in lighttpd before 1.4.32 all...
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
Scope: local
bookworm: resolved (fixed in 1.4.31-2)
bullseye: resolved (fixed in 1.4.31-2)
forky: resolved (fixed in 1.4.31-2)
sid: resolved (fixed in 1.4.31-2)
trixie: resolved (fixed in 1.4.31-2)
No detection rules found.
Bugzilla
CVE-2012-5533 lighttpd: Denial of Service via malformed Connection headers [epel-all]
bugzilla·2012-11-21·CVSS 5.0
CVE-2012-5533 [MEDIUM] CVE-2012-5533 lighttpd: Denial of Service via malformed Connection headers [epel-all]
CVE-2012-5533 lighttpd: Denial of Service via malformed Connection headers [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: t
Bugzilla
CVE-2012-5533 lighttpd: Denial of Service via malformed Connection headers [fedora-all]
bugzilla·2012-11-21·CVSS 5.0
CVE-2012-5533 [MEDIUM] CVE-2012-5533 lighttpd: Denial of Service via malformed Connection headers [fedora-all]
CVE-2012-5533 lighttpd: Denial of Service via malformed Connection headers [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this
Bugzilla
CVE-2012-5533 lighttpd: Denial of Service via malformed Connection headers
bugzilla·2012-11-19·CVSS 5.0
CVE-2012-5533 [MEDIUM] CVE-2012-5533 lighttpd: Denial of Service via malformed Connection headers
CVE-2012-5533 lighttpd: Denial of Service via malformed Connection headers
A flaw was found in lighttpd version 1.4.31 that could be exploited by a remote user to cause a denial of service condition in lighttpd. A client could send a malformed Connection header to lighttpd (such as "Connection: TE,,Keep-Alive"), which would cause lighttpd to enter an endless loop, detecting an empty token but not incrementing the current string position, causing it to continually read ',' over and over.
This flaw was introduced in 1.4.31 [1] when an "invalid read" bug was fixed [2].
[1] http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2830/diff/
[2] http://redmine.lighttpd.net/issues/2413
Acknowledgement:
Red Hat would like to thank Stefan Bühler for reporting this issue. Upstream a
arXiv
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response
arxiv_fulltext·2017-11-02
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response
Zhen Huang0.25in
Mariana D'Angelo0.25in
Dhaval Miyani0.25in
David Lie
University of Toronto
\z.huang,mariana.dangelo,dhaval.miyani\@mail.utoronto.ca,[email protected]
## Abstract
There is often a considerable delay between the discovery of a vulnerability and the issue of a patch. One way to mitigate this window of vulnerability is to use a configuration workaround, which prevents the vulnerable code from being executed at the cost of some lost functionality -- but only if one is available. Since application configurations are not specifically designed to mitigate software vulnerabilities, we find that they only cover 25.2% of vulnerabilities.
To minimize patch delay vulnerabilities and address the lim
http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.31_fix_connection_header_dos.patchhttp://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txthttp://lists.opensuse.org/opensuse-updates/2012-11/msg00044.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00051.htmlhttp://marc.info/?l=bugtraq&m=141576815022399&w=2http://osvdb.org/87623http://packetstormsecurity.org/files/118282/Simple-Lighttpd-1.4.31-Denial-Of-Service.htmlhttp://secunia.com/advisories/51268http://secunia.com/advisories/51298http://www.exploit-db.com/exploits/22902http://www.mandriva.com/security/advisories?name=MDVSA-2013:100http://www.openwall.com/lists/oss-security/2012/11/21/1http://www.securityfocus.com/bid/56619http://www.securitytracker.com/id?1027802https://exchange.xforce.ibmcloud.com/vulnerabilities/80213https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0345http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.31_fix_connection_header_dos.patchhttp://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txthttp://lists.opensuse.org/opensuse-updates/2012-11/msg00044.htmlhttp://lists.opensuse.org/opensuse-updates/2014-01/msg00051.htmlhttp://marc.info/?l=bugtraq&m=141576815022399&w=2http://osvdb.org/87623http://packetstormsecurity.org/files/118282/Simple-Lighttpd-1.4.31-Denial-Of-Service.htmlhttp://secunia.com/advisories/51268http://secunia.com/advisories/51298http://www.exploit-db.com/exploits/22902http://www.mandriva.com/security/advisories?name=MDVSA-2013:100http://www.openwall.com/lists/oss-security/2012/11/21/1http://www.securityfocus.com/bid/56619http://www.securitytracker.com/id?1027802https://exchange.xforce.ibmcloud.com/vulnerabilities/80213https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0345
2012-11-24
Published