CVE-2007-3947
EPSS 20.9%
Description
request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.
How to fix CVE-2007-3947
To remediate CVE-2007-3947, upgrade the affected package to a fixed version below.
- Debian/lighttpd—upgrade to 1.4.16-1 or later
Is CVE-2007-3947 being exploited?
Moderate — EPSS is 20.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.4.16-1