CVE-2012-5533

Name of the Vulnerable Software and Affected Versions lighttpd versions prior to 1.4.32

Description The issue allows remote attackers to cause a denial of service, resulting in an infinite loop, by sending a request with a header containing an empty token. For example, using the "Connection: TE,,Keep-Alive" header.

Recommendations For versions prior to 1.4.32, update to version 1.4.32 or later to resolve the issue. As a temporary workaround, consider restricting access to the http request split value function in request.c until a patch is available.