CVE-2007-3946

EPSS 4.7%

lighttpd - several vulnerabilities

Published: 7/24/2007Modified: 4/28/2026

Also known as:DEBIAN-CVE-2007-3946

Description

mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.

Affected packages (2)

Debian/lighttpdfrom 0, < 1.4.16-1
Debian/lighttpdfrom 0, < 1.4.13-4etch4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-3946