Robert Jakabosky

#49646 of 53,633
5 Total CVSS
Vulnerabilities · 1
PT-2007-3216
5.0
2007-04-18
Lighttpd · Lighttpd · CVE-2007-1869
Name of the Vulnerable Software and Affected Versions: lighttpd versions 1.4.12 through 1.4.13

Description: The issue allows remote attackers to cause a denial of service by consuming CPU and resources. This is achieved by disconnecting while the software is parsing CRLF sequences, triggering an infinite loop and file descriptor consumption.

Recommendations: For versions 1.4.12 and 1.4.13, consider restricting access to prevent remote attackers from disconnecting during the parsing of CRLF sequences as a temporary workaround until a patch is available.