CVE-2007-3947
Published: 2007-07-24
Priority: P427, medium, 5.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:N/A:P
EXPLOIT
EPSS: 8.07% (94.1th percentile)
request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | lighttpd | < lighttpd 1.4.16-1 (bookworm) | lighttpd 1.4.16-1 (bookworm) |
| lighttpd | lighttpd | <= 1.4.15 | — |
| lighttpd | lighttpd | >= 0 < 1.4.16-1 | 1.4.16-1 |
| lighttpd | lighttpd | >= 0 < 1.4.16-1 | 1.4.16-1 |
| lighttpd | lighttpd | >= 0 < 1.4.16-1 | 1.4.16-1 |
| lighttpd | lighttpd | >= 0 < 1.4.16-1 | 1.4.16-1 |
CVSS provenance
nvd: v2.0, 5.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:N/A:P
osv: 5.8 MEDIUM
vendor_debian: 5.8 MEDIUM
GHSA
GHSA-x97h-9f4h-rj28: request
ghsa_unreviewed·2022-05-01
CVE-2007-3947 [MEDIUM] GHSA-x97h-9f4h-rj28: request
OSV
CVE-2007-3947: request
osv·2007-07-24·CVSS 5.8
CVE-2007-3947 [MEDIUM] CVE-2007-3947: request
Debian
CVE-2007-3947: lighttpd - request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of servic...
vendor_debian·2007·CVSS 5.8
CVE-2007-3947 [MEDIUM] CVE-2007-3947: lighttpd - request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of servic...
Scope: local
bookworm: resolved (fixed in 1.4.16-1)
bullseye: resolved (fixed in 1.4.16-1)
forky: resolved (fixed in 1.4.16-1)
sid: resolved (fixed in 1.4.16-1)
trixie: resolved (fixed in 1.4.16-1)
No detection rules found.
http://osvdb.org/38313
http://secunia.com/advisories/26130
http://secunia.com/advisories/26158
http://secunia.com/advisories/26505
http://secunia.com/advisories/26593
http://security.gentoo.org/glsa/glsa-200708-11.xml
http://trac.lighttpd.net/trac/changeset/1869
http://trac.lighttpd.net/trac/ticket/1232
http://www.debian.org/security/2007/dsa-1362
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.securityfocus.com/archive/1/474131/100/0/threaded
http://www.securityfocus.com/bid/24967
http://www.vupen.com/english/advisories/2007/2585