Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP Header Smuggling via Trailer Merge
Vulnerability Description
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: * Bypass access control rules * Inject unsafe input into backend logic that trusts request headers * Execute HTTP Request Smuggling attacks under some conditions This issue affects lighttpd1.4.80
CVSS Information
N/A
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
lighttpd 安全漏洞
Vulnerability Description
lighttpd是德国Jan Kneschke个人开发者的一款开源的Web服务器。 lighttpd 1.4.80版本存在安全漏洞,该漏洞源于错误地将尾部字段合并到标头中,可能导致HTTP标头走私攻击、绕过访问控制规则和注入不安全输入。
CVSS Information
N/A
Vulnerability Type
N/A