Mandriva Linux Security Advisory 2013-100 - The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service via a request with a header containing an empty token, as demonstrated using the Connection: TE,,Keep-Alive header.
22be207a6d4296eb91de3d6af14859bdba5fa94fb7ecb8401dc6835e88c874da