Description

mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.

Remediation

References

CVE-2007-3946

Related Vulnerabilities

Oracle Database Server CVE-2006-0283 Vulnerability (CVE-2006-0283)

Oracle HTTP Server CVE-2021-25219 Vulnerability (CVE-2021-25219)

WordPress Plugin User Domain Whitelist Multiple Vulnerabilities (1.4)

WordPress Plugin WP Inventory Manager Unspecified Vulnerability (1.8.1)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.31)

Severity

Medium

Classification

CVE-2007-3946

Tags

Missing Update Known Vulnerabilities