Lucene search
HistoryOct 23, 2007 - 9:47 p.m.
CVE-2007-5654
litespeed web server
cve-2007-5654
mime type injection
security vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.1 High
AI Score
Confidence
High
0.242 Low
EPSS
Percentile
96.6%
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a “%00.” sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka “Mime Type Injection.”
Affected configurations
Node
litespeed_technologieslitespeed_web_serverRange≤3.2.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| litespeed_technologies:litespeed_web_server | litespeed technologies litespeed web server | le | 3.2.3 |
Related
nessus
nessus
canvas
canvas
Immunity Canvas: LSHTTPD_DISC
2007-10-23 21:47:00
cvelist
cvelist
CVE-2007-5654
2007-10-23 21:00:00
nvd
nvd
CVE-2007-5654
2007-10-23 21:47:00
prion
prion
Design/Logic Flaw
2007-10-23 21:47:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.1 High
AI Score
Confidence
High
0.242 Low
EPSS
Percentile
96.6%
Related for CVE-2007-5654