Search criteria
2 vulnerabilities by lighttpd
CVE-2025-12642 (GCVE-0-2025-12642)
Vulnerability from cvelistv5 – Published: 2025-11-03 19:36 – Updated: 2025-11-03 19:44
VLAI?
Title
HTTP Header Smuggling via Trailer Merge
Summary
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks.
Successful exploitation may allow an attacker to:
* Bypass access control rules
* Inject unsafe input into backend logic that trusts request headers
* Execute HTTP Request Smuggling attacks under some conditions
This issue affects lighttpd1.4.80
Severity ?
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
Credits
Sebastiano Sartor <@sebsrt>
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T19:43:55.914894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T19:44:09.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"mod_proxy"
],
"packageName": "lighttpd1.4",
"product": "lighttpd",
"repo": "https://git.lighttpd.net/lighttpd/lighttpd1.4",
"vendor": "lighttpd",
"versions": [
{
"lessThan": "1.4.81",
"status": "affected",
"version": "1.4.80",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.81",
"versionStartIncluding": "1.4.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sebastiano Sartor \u003c@sebsrt\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003elighttpd1.4.80 incorrectly merged trailer fields into headers\u0026nbsp;after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks.\u003c/p\u003e\u003cp\u003eSuccessful exploitation may allow an attacker to:\u003c/p\u003e\u003cul\u003e\u003cli\u003eBypass access control rules\u003c/li\u003e\u003cli\u003eInject unsafe input into backend logic that trusts request headers\u003c/li\u003e\u003cli\u003eExecute HTTP Request Smuggling attacks under some conditions\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThis issue affects lighttpd1.4.80\u003c/p\u003e"
}
],
"value": "lighttpd1.4.80 incorrectly merged trailer fields into headers\u00a0after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks.\n\nSuccessful exploitation may allow an attacker to:\n\n * Bypass access control rules\n * Inject unsafe input into backend logic that trusts request headers\n * Execute HTTP Request Smuggling attacks under some conditions\n\n\nThis issue affects lighttpd1.4.80"
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
},
{
"capecId": "CAPEC-33",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-33 HTTP Request Smuggling"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T19:36:17.011Z",
"orgId": "1c6b5737-9389-4011-8117-89fa251edfb2",
"shortName": "Toreon"
},
"references": [
{
"url": "https://github.com/lighttpd/lighttpd1.4/commit/35cb89c103877de62d6b63d0804255475d77e5e1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTTP Header Smuggling via Trailer Merge",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1c6b5737-9389-4011-8117-89fa251edfb2",
"assignerShortName": "Toreon",
"cveId": "CVE-2025-12642",
"datePublished": "2025-11-03T19:36:17.011Z",
"dateReserved": "2025-11-03T19:34:17.666Z",
"dateUpdated": "2025-11-03T19:44:09.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25103 (GCVE-0-2018-25103)
Vulnerability from cvelistv5 – Published: 2024-06-17 18:02 – Updated: 2025-09-15 20:05
VLAI?
Title
Use-after-free vulnerabilities in lighttpd <= 1.4.50
Summary
There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests.
Severity ?
5.3 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
Credits
Thanks to VDOO Embedded Security part of JFROG for reporting the vulnerability in the If-Modified-Since header with line folding, and thanks to Marcus Wengelin for reporting the vulnerability in the Range header with a specially crafted pair of Range headers.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lighttpd",
"vendor": "lighttpd",
"versions": [
{
"lessThanOrEqual": "1.4.50",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-25103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T20:05:27.032213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T20:05:35.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.runzero.com/blog/lighttpd/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/312260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "lighttpd",
"vendor": "lighttpd",
"versions": [
{
"lessThanOrEqual": "1.4.50",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to VDOO Embedded Security part of JFROG for reporting the vulnerability in the If-Modified-Since header with line folding, and thanks to Marcus Wengelin for reporting the vulnerability in the Range header with a specially crafted pair of Range headers."
}
],
"descriptions": [
{
"lang": "en",
"value": "There exists use-after-free vulnerabilities in lighttpd \u003c= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-416: Use After Free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T14:45:06.732Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736"
},
{
"url": "https://www.runzero.com/blog/lighttpd/"
},
{
"url": "https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9"
},
{
"url": "https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8"
},
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf"
},
{
"url": "https://www.kb.cert.org/vuls/id/312260"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free vulnerabilities in lighttpd \u003c= 1.4.50",
"x_generator": {
"engine": "VINCE 3.0.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2018-25103"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2018-25103",
"datePublished": "2024-06-17T18:02:57.162Z",
"dateReserved": "2024-06-17T17:47:24.277Z",
"dateUpdated": "2025-09-15T20:05:35.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}