Lighttpd

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-12642 MEDIUM PATCH This Month

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Lighttpd

NVD GitHub

CVSS 4.0

6.9

EPSS

0.1%

CVE-2025-12642

EPSS 0% CVSS 6.9

MEDIUM PATCH This Month

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Lighttpd

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy