Activity
From 2026-05-13 to 2026-05-19
2026-05-18
- GS 19:27 Lighttpd Bug #3309 (Patch Pending): [HTTP Response Smuggling] Invalid backend Content-Length is forwarded to clients
- TY 07:40 Lighttpd Bug #3309: [HTTP Response Smuggling] Invalid backend Content-Length is forwarded to clients
- gstrauss wrote in #note-1:
> Thank you for reporting this. Yes, this is a bug in lighttpd.
> ...
Hi
Credit to: type5afe (https://linkedin.com/in/m-indra-purnama)
Thanks - GS 07:00 Lighttpd Bug #3309: [HTTP Response Smuggling] Invalid backend Content-Length is forwarded to clients
- Thank you for reporting this. Yes, this is a bug in lighttpd.
https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length dictates - SD 16:54 Lighttpd Feature #3305: connection.errors-per-second, connection.hard-error-limit
- SD 16:47 Lighttpd Feature #3305: connection.errors-per-second, connection.hard-error-limit
2026-05-17
- TY 13:51 Lighttpd Bug #3309 (Patch Pending): [HTTP Response Smuggling] Invalid backend Content-Length is forwarded to clients
- *Summary*
**CWE**: _CWE-444_ - Inconsistent Interpretation of HTTP Requests/Responses
lighttpd 1.4.82 parses `Content-Length` from backend responses with a strict integer parser, but when parsing fails it still forwards the invalid `...
2026-05-15
- SD 14:34 Lighttpd Feature #3305: connection.errors-per-second, connection.hard-error-limit