CVE-2025-12642
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks.
Successful exploitation may allow an attacker to:
* Bypass access control rules
* Inject unsafe input into backend logic that trusts request headers
* Execute HTTP Request Smuggling attacks under some conditions
This issue affects lighttpd1.4.80
Successful exploitation may allow an attacker to:
* Bypass access control rules
* Inject unsafe input into backend logic that trusts request headers
* Execute HTTP Request Smuggling attacks under some conditions
This issue affects lighttpd1.4.80
Vendor
Product
CWE
Yayın Tarihi
2025-11-03 20:17:06
Güncelleme
2025-11-12 14:34:27
Source Identifier
1c6b5737-9389-4011-8117-89fa251edfb2
KEV Date Added
-