Vulnerability in N/a
CVE-2007-5654
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files…
EPSS: 0.591 (98.3th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- www.litespeedtech.com/latest/litespeed-web-server-3.2.4-released.html (x_refsource_CONFIRM)
- 27302 (x_refsource_SECUNIA, third-party-advisory)
- litespeed-mimetype-info-disclosure(37380) (vdb-entry, x_refsource_XF)
- 41867 (x_refsource_OSVDB, vdb-entry)
- 26163 (vdb-entry, x_refsource_BID)
- 4556 (exploit, x_refsource_EXPLOIT-DB)