PRIOn knowledge basePRION:CVE-2007-3947Cross site request forgery (csrf)
6.6 Medium
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.108 Low
EPSS
Percentile
94.9%
request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.
References
osvdb.org/38313
secunia.com/advisories/26130
secunia.com/advisories/26158
secunia.com/advisories/26505
secunia.com/advisories/26593
security.gentoo.org/glsa/glsa-200708-11.xml
trac.lighttpd.net/trac/changeset/1869
trac.lighttpd.net/trac/ticket/1232
www.debian.org/security/2007/dsa-1362
www.novell.com/linux/security/advisories/2007_15_sr.html
www.securityfocus.com/archive/1/474131/100/0/threaded
www.securityfocus.com/bid/24967
www.vupen.com/english/advisories/2007/2585
Related
6.6 Medium
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.108 Low
EPSS
Percentile
94.9%