Vulnerability_id VCID-ew7v-cp7g-ebgk
Summary
lighttpd 1.4.80 incorrectly merged trailer fields into headers after HTTP request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks.

Successful exploitation may allow an attacker to:

  *  Bypass access control rules
  *  Inject unsafe input into backend logic that trusts request headers
  *  Execute HTTP Request Smuggling attacks under some conditions


This issue affects lighttpd 1.4.80.
Aliases
0
alias CVE-2025-12642
Fixed_packages
0
url pkg:deb/debian/lighttpd@0?distro=trixie
purl pkg:deb/debian/lighttpd@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@0%3Fdistro=trixie
1
url pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.59-1%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.59-1%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.69-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.69-1%3Fdistro=trixie
3
url pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.79-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.79-2%3Fdistro=trixie
4
url pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
purl pkg:deb/debian/lighttpd@1.4.82-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/lighttpd@1.4.82-2%3Fdistro=trixie
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12642
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.13758
published_at 2026-04-02T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.17119
published_at 2026-04-09T12:55:00Z
2
value 0.00054
scoring_system epss
scoring_elements 0.17195
published_at 2026-04-04T12:55:00Z
3
value 0.00054
scoring_system epss
scoring_elements 0.16973
published_at 2026-04-07T12:55:00Z
4
value 0.00054
scoring_system epss
scoring_elements 0.17063
published_at 2026-04-08T12:55:00Z
5
value 0.00054
scoring_system epss
scoring_elements 0.17095
published_at 2026-04-11T12:55:00Z
6
value 0.00054
scoring_system epss
scoring_elements 0.17049
published_at 2026-04-12T12:55:00Z
7
value 0.00064
scoring_system epss
scoring_elements 0.19965
published_at 2026-04-16T12:55:00Z
8
value 0.00064
scoring_system epss
scoring_elements 0.19968
published_at 2026-04-18T12:55:00Z
9
value 0.00064
scoring_system epss
scoring_elements 0.19985
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12642
1
reference_url https://github.com/lighttpd/lighttpd1.4/commit/35cb89c103877de62d6b63d0804255475d77e5e1
reference_id 35cb89c103877de62d6b63d0804255475d77e5e1
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-03T19:43:55Z/
url https://github.com/lighttpd/lighttpd1.4/commit/35cb89c103877de62d6b63d0804255475d77e5e1
Weaknesses
0
cwe_id 444
name Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
description The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
Exploits
Severity_range_score 6.9 - 6.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ew7v-cp7g-ebgk