Description

connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.

Remediation

References

CVE-2007-3948

Related Vulnerabilities

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4791)

phpMyFAQ Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3783)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2009-1386)

Resin Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2012-2968)

WordPress Plugin Hero Maps Premium Cross-Site Scripting (2.2.1)

Severity

Medium

Classification

CVE-2007-3948

Tags

Missing Update Known Vulnerabilities