CVE-2007-3947

Published: 24/07/2007 Updated: 15/10/2018
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 585
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Vulnerability Summary

request.c in lighttpd 1.4.15 allows remote malicious users to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.

Vulnerable Product

lighttpd lighttpd

Vendor Advisories

Debian Bug report logs - #434888: Multiple vulnerabilities [CVE-2007-3946] [CVE-2007-3947] [CVE-2007-3948] [CVE-2007-3949] [CVE-2007-3950]. Package: lighttpd; Maintainer for lighttpd is Debian QA Group <packages@qa.debian.org>; Source for lighttpd is src:lighttpd. Reported by: Adam Majer <adamm@zombino ...

Exploits

source: www.securityfocus.com/bid/24967/info. Lighttpd is prone to multiple remote denial-of-service vulnerabilities, a code-execution vulnerability, and an information-disclosure vulnerability. An attacker can exploit these issues to execute arbitrary code, access sensitive information, or crash the affected application, denying service to ...