Description

mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.

Remediation

References

CVE-2007-3946

Related Vulnerabilities

WordPress Plugin Pondol Form to Mail Cross-Site Scripting (1.1)

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)

Joomla! Core 3.x.x Cross-Site Request Forgery (3.7.0 - 3.9.19)

WordPress Plugin Digital River Global Commerce Supply Chain Attack [Polyfill.io] (2.0.2)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-4721)

Severity

Medium

Classification

CVE-2007-3946

Tags

Missing Update Known Vulnerabilities