Vigil@nce - lighttpd: denial of service via the Connection header
December 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a request with a Connection header containing
an empty word, in order to make the server endlessly loop.
Impacted products: openSUSE, Unix (platform)
Severity: 2/4
Creation date: 21/11/2012
DESCRIPTION OF THE VULNERABILITY
Lighttpd is an HTTP server.
An HTTP request contains several headers. The Connection header
indicates how to manage the TCP connection after the request
processing, the value of which may be a list. However, when a word
from this list is the empty string, the server does not correctly
split the list, which leads to an infinite loop.
An attacker can therefore send a request with a Connection header
containing an empty word, in order to make the server endlessly
loop.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/lighttpd-denial-of-service-via-the-Connection-header-12178