Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Lighttpd Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability - CVE-2025-12642 - Vulnerability Database
Lighttpd

Lighttpd Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability - CVE-2025-12642

Critical
Reference: CVE-2025-12642
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-12642
Title: Lighttpd Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability
Overview:

lighttpd1.4.80 incorrectly merged trailer fields into headersafter http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: Bypass access control rules Inject unsafe input into backend logic that trusts request headers Execute HTTP Request Smuggling attacks under some conditions This issue affects lighttpd1.4.80