ID CVE-2012-5533
Summary The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
References
Vulnerable Configurations
  • lighttpd 1.4.32
    cpe:2.3:a:lighttpd:lighttpd:1.4.32
  • lighttpd 1.4.31
    cpe:2.3:a:lighttpd:lighttpd:1.4.31
CVSS
Base: 5.0 (as of 26-11-2012 - 14:09)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
exploit-db via4
description lighttpd 1.4.31 - Denial of Service PoC. CVE-2012-5533. DoS exploit for linux platform
file exploits/linux/dos/22902.sh
id EDB-ID:22902
last seen 2016-02-02
modified 2012-11-22
platform linux
port
published 2012-11-22
reporter t4c
source https://www.exploit-db.com/download/22902/
title lighttpd 1.4.31 - Denial of Service PoC
type dos
nessus via4
  • NASL family Web Servers
    NASL id LIGHTTPD_1_4_32.NASL
    description According to its banner, the version of lighttpd running on the remote host is 1.4.31. It is, therefore, affected by a denial of service vulnerability. An error in the http_request_split_value() function in 'src/request.c' can cause the application to enter an endless loop when handling specially crafted 'Connection' header requests. Note that Nessus has not tested for this issue but has instead relied only on the version in the server's banner.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 63094
    published 2012-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63094
    title lighttpd 1.4.31 http_request_split_value Function Header Handling DoS
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-100.NASL
    description The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the Connection: TE,,Keep-Alive header (CVE-2012-5533).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 66112
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66112
    title Mandriva Linux Security Advisory : lighttpd (MDVSA-2013:100)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-801.NASL
    description - Fixing bnc#790258 CVE-2012-5533: Denial of Service via specially crafted HTTP header. Added patches: 0001-Fix-DoS-in-header-value-split-reported-by-Jesse-Sipp.patch 0001-remove-whitespace-at-end-of-header-keys.patch
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74819
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74819
    title openSUSE Security Update : lighttpd (openSUSE-SU-2012:1532-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-179.NASL
    description The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the 'Connection: TE,,Keep-Alive' header.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69738
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69738
    title Amazon Linux AMI : lighttpd (ALAS-2013-179)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-15345.NASL
    description One important denial of service (in 1.4.31) fix: CVE-2012-5533. A flaw was found in lighttpd version 1.4.31 that could be exploited by a remote user to cause a denial of service condition in lighttpd. A client could send a malformed Connection header to lighttpd (such as 'Connection: TE,,Keep-Alive'), which would cause lighttpd to enter an endless loop, detecting an empty token but not incrementing the current string position, causing it to continually read ',' over and over. This flaw was introduced in 1.4.31 [1] when an 'invalid read' bug was fixed [2]. [1] http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2830/diff/ [2] http://redmine.lighttpd.net/issues/2413 Acknowledgement : Red Hat would like to thank Stefan Buhler for reporting this issue. Upstream acknowledges Jesse Sipprell from McClatchy Interactive, Inc. as the original reporter. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 69775
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69775
    title Fedora 19 : lighttpd-1.4.32-1.fc19 (2013-15345)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_1CD3CA4233E611E2A2555404A67EEF98.NASL
    description Lighttpd security advisory reports : Certain Connection header values will trigger an endless loop, for example : 'Connection: TE,,Keep-Alive' On receiving such value, lighttpd will enter an endless loop, detecting an empty token but not incrementing the current string position, and keep reading the ',' again and again. This bug was introduced in 1.4.31, when we fixed an 'invalid read' bug (it would try to read the byte before the string if it started with ',', although the value wasn't actually used).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 63016
    published 2012-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63016
    title FreeBSD : lighttpd -- remote DoS in header parsing (1cd3ca42-33e6-11e2-a255-5404a67eef98)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-15344.NASL
    description One important denial of service (in 1.4.31) fix: CVE-2012-5533. A flaw was found in lighttpd version 1.4.31 that could be exploited by a remote user to cause a denial of service condition in lighttpd. A client could send a malformed Connection header to lighttpd (such as 'Connection: TE,,Keep-Alive'), which would cause lighttpd to enter an endless loop, detecting an empty token but not incrementing the current string position, causing it to continually read ',' over and over. This flaw was introduced in 1.4.31 [1] when an 'invalid read' bug was fixed [2]. [1] http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2830/diff/ [2] http://redmine.lighttpd.net/issues/2413 Acknowledgement : Red Hat would like to thank Stefan Buhler for reporting this issue. Upstream acknowledges Jesse Sipprell from McClatchy Interactive, Inc. as the original reporter. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 69774
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69774
    title Fedora 18 : lighttpd-1.4.32-1.fc18 (2013-15344)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201406-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201406-10 (lighttpd: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in lighttpd. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could create a Denial of Service condition. Furthermore, a remote attacker may be able to execute arbitrary SQL statements. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 76062
    published 2014-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76062
    title GLSA-201406-10 : lighttpd: Multiple vulnerabilities
packetstorm via4
data source https://packetstormsecurity.com/files/download/118282/simplelighttpd-dos.txt
id PACKETSTORM:118282
last seen 2016-12-05
published 2012-11-22
reporter Milan Berger
source https://packetstormsecurity.com/files/118282/Simple-Lighttpd-1.4.31-Denial-Of-Service.html
title Simple Lighttpd 1.4.31 Denial Of Service
refmap via4
bid 56619
confirm
exploit-db 22902
hp HPSBGN03191
mandriva MDVSA-2013:100
misc
mlist [oss-security] 20121121 lighttpd 1.4.32 released, fixing CVE-2012-5533
osvdb 87623
sectrack 1027802
secunia
  • 51268
  • 51298
suse
  • openSUSE-SU-2012:1532
  • openSUSE-SU-2014:0074
xf lighttpd-httprequestsplitvalue-dos(80213)
Last major update 22-08-2016 - 22:06
Published 24-11-2012 - 15:55
Last modified 28-08-2017 - 21:32