Skip to main content

Lighttpd

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-12642 MEDIUM PATCH This Month

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Authentication Bypass Request Smuggling Lighttpd
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-12642
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Authentication Bypass Request Smuggling Lighttpd
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy