CVE-2007-3947

2007-07-24T00:30:00
ID CVE-2007-3947
Type cve
Reporter cve@mitre.org
Modified 2018-10-15T21:32:00

Description

request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault. Vendor has addressed this vulnerability in an upgrade: http://trac.lighttpd.net/trac/