CNNVD-202511-055 Information

CNNVD ID

CNNVD-202511-055

Related CVE

CVE-2025-12642

• CNNVD Published: 2025-11-03

Description (Chinese)

lighttpd是德国Jan Kneschke个人开发者的一款开源的Web服务器。 lighttpd 1.4.80版本存在安全漏洞，该漏洞源于错误地将尾部字段合并到标头中，可能导致HTTP标头走私攻击、绕过访问控制规则和注入不安全输入。

Description (English)

lighttpd is an open-source Web server for Jan Kneschke German personal developer. There is a security loophole in version 1.4.80 of the lighttpd 1.4.80, which stems from the erroneous consolidation of tail fields into the header, which could lead to smuggling attacks at HTTP markers, circumventing access control rules and injecting unsafe inputs.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-03

Last Modified

2026-02-24

References

https://github.com/lig https://access.redhat.com/security/cve/cve-2025-12642

Patch

https://github.com/lighttpd/lighttpd1.4