PT-2007-5167 · Lighttpd · Lighttpd

Published: 2007-07-23 · Updated: 2019-11-06 · CVE-2007-3947

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Name of the Vulnerable Software and Affected Versions: lighttpd versions 1.4.15 and prior
Description: The issue allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request that contains duplicate headers. In addition, errors in HTTP header processing, in mod_auth, and in the parsing of Auth-Digest headers can be exploited to cause a denial of service. Further errors exist in the limiting of active connections, in HTTP request processing, and in mod_scgi; these can also lead to a denial of service or allow access to restricted files. A memory corruption issue is also present as a result of improper header parsing.
Recommendations: For lighttpd versions 1.4.15 and prior, update to a version that fixes these issues to prevent denial of service and the other problems described above. As a temporary workaround, consider restricting access to the mod_auth and mod_scgi modules until a patch is available. Avoid using the Location header with duplicate lines in HTTP requests until the issue is resolved. Restrict access to sensitive files by ensuring proper URL handling so that restricted files cannot be reached. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit


Related identifiers

CVE-2007-3947
DSA-1362-1

Affected products

Lighttpd