CVE-2007-3947

EPSS 20.9%

Published: 7/24/2007Modified: 4/28/2026

Also known as:DEBIAN-CVE-2007-3947

Description

request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.

Affected packages (1)

Debian/lighttpdfrom 0, < 1.4.16-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-3947