Lighttpd security advisory reports:
Certain Connection header values will trigger an endless loop, for example: "Connection: TE,,Keep-Alive"
On receiving such value, lighttpd will enter an endless loop, detecting an empty token but not incrementing the current string position, and keep reading the ',' again and again.
This bug was introduced in 1.4.31, when we fixed an "invalid read" bug (it would try to read the byte before the string if it started with ',', although the value wasn't actually used).
Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.
If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.