Tag: lighttpd

All the articles with the tag "lighttpd".

• [CVE-2025-12642] lighttpd Trailer Handling Bug Enables HTTP Header Smuggling

  4 Nov, 2025

  lighttpd 1.4.80 merges disallowed HTTP trailer fields into the request header block. Attackers can abuse the flaw for header smuggling that bypasses access controls or poisons backend requests.