Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/lighttpd@0?distro=trixie

Type deb

Namespace debian

Name lighttpd

Version 0

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.4.15-1

Latest_non_vulnerable_version 1.4.82-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-ew7v-cp7g-ebgk

vulnerability_id VCID-ew7v-cp7g-ebgk

summary

lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks.

Successful exploitation may allow an attacker to:

  *  Bypass access control rules
  *  Inject unsafe input into backend logic that trusts request headers
  *  Execute HTTP Request Smuggling attacks under some conditions


This issue affects lighttpd1.4.80

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-12642

reference_id

reference_type

scores

value	0.00045
scoring_system	epss
scoring_elements	0.13758
published_at	2026-04-02T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17119
published_at	2026-04-09T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17195
published_at	2026-04-04T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.16973
published_at	2026-04-07T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17063
published_at	2026-04-08T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17095
published_at	2026-04-11T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17049
published_at	2026-04-12T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19965
published_at	2026-04-21T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19968
published_at	2026-04-18T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19985
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-12642

reference_url

https://github.com/lighttpd/lighttpd1.4/commit/35cb89c103877de62d6b63d0804255475d77e5e1

reference_id

35cb89c103877de62d6b63d0804255475d77e5e1

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-03T19:43:55Z/

url

https://github.com/lighttpd/lighttpd1.4/commit/35cb89c103877de62d6b63d0804255475d77e5e1

fixed_packages

url	pkg:deb/debian/lighttpd@0?distro=trixie
purl	pkg:deb/debian/lighttpd@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@0%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.69-1%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.79-2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.82-2%3Fdistro=trixie

aliases CVE-2025-12642

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ew7v-cp7g-ebgk

url VCID-urr4-ejv1-xyh7

vulnerability_id VCID-urr4-ejv1-xyh7

summary Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2469

reference_id

reference_type

scores

value	0.00513
scoring_system	epss
scoring_elements	0.66406
published_at	2026-04-01T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66445
published_at	2026-04-02T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66471
published_at	2026-04-04T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66442
published_at	2026-04-07T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66491
published_at	2026-04-08T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66504
published_at	2026-04-09T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66524
published_at	2026-04-11T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66512
published_at	2026-04-12T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66481
published_at	2026-04-13T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66516
published_at	2026-04-16T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66534
published_at	2026-04-18T12:55:00Z

value	0.00513
scoring_system	epss
scoring_elements	0.66518
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2469

fixed_packages

url	pkg:deb/debian/lighttpd@0?distro=trixie
purl	pkg:deb/debian/lighttpd@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@0%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.69-1%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.79-2%3Fdistro=trixie

url	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
purl	pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.82-2%3Fdistro=trixie

aliases CVE-2014-2469

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urr4-ejv1-xyh7

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@0%3Fdistro=trixie

Package Instance