Lighttpd · Lighttpd · CVE-2012-5533
**Name of the Vulnerable Software and Affected Versions**
lighttpd versions prior to 1.4.32
**Description**
The issue allows remote attackers to cause a denial of service, resulting in an infinite loop, by sending a request with a header containing an empty token. For example, using the "Connection: TE,,Keep-Alive" header.
**Recommendations**
For versions prior to 1.4.32, update to version 1.4.32 or later to resolve the issue. As a temporary workaround, consider restricting access to the `http request split value` function in request.c until a patch is available.