what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2012-5533

Status Candidate

Overview

The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.

Related Files

HP Security Bulletin HPSBGN03191 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03191 1 - A potential security vulnerabilities have been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd. These vulnerabilities could be exploited remotely resulting in disclosure of information, elevation of privilege, SQL injection, or to create a Denial of Service (DoS). These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the lighttpd based vCAS Web Server. Revision 1 of this advisory.

tags | advisory, remote, web, denial of service, vulnerability
advisories | CVE-2012-5533, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324, CVE-2014-3566
SHA-256 | 6f968d85b22f5fbfed109939f90483ff9eef7b3027bef59336a2b90ece346765
Gentoo Linux Security Advisory 201406-10
Posted Jun 16, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-10 - Multiple vulnerabilities have been found in lighttpd, allowing remote attackers cause a Denial of Service condition or execute arbitrary SQL statements. Versions less than 1.4.35 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4362, CVE-2012-5533, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323
SHA-256 | e017516a6f3a848b9abd4c61f5d7bd6822ea6e44021b22c85ae960c93b959e14
Mandriva Linux Security Advisory 2013-100
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-100 - The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service via a request with a header containing an empty token, as demonstrated using the Connection: TE,,Keep-Alive header.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-5533
SHA-256 | 22be207a6d4296eb91de3d6af14859bdba5fa94fb7ecb8401dc6835e88c874da
Simple Lighttpd 1.4.31 Denial Of Service
Posted Nov 22, 2012
Authored by Milan Berger

Simple Lighttpd version 1.4.31 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
advisories | CVE-2012-5533
SHA-256 | bb9db2d5fb90777223307f529d060fc6a280653ad1ae2d1bd6798d5cfd9126c8
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    12 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close