Mime Type Injection Vulnerability in LiteSpeed Web Server
CVE-2007-5654

Currently unrated

Key Information:

Vendor

Litespeed Technologies

Status
Litespeed Web Server
Vendor
CVE Published:
23 October 2007

What is CVE-2007-5654?

An issue has been identified in LiteSpeed Web Server prior to version 3.2.4 that enables remote attackers to manipulate MIME types through specially crafted requests. This vulnerability allows an attacker to exploit a '%00.' sequence, which can lead to unauthorized file access, including the ability to read sensitive files like PHP source code. The impact is significant as it can expose critical information that can be leveraged for further attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.litespeedtech.com/latest/litespeed-web-server-...
x_refsource_CONFIRM
http://secunia.com/advisories/27302
third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/37380
vdb-entryx_refsource_XF

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.