PT-2007-5168 · Lighttpd · Lighttpd

Published: 2007-07-23 · Updated: 2018-10-15 · CVE-2007-3948

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: lighttpd versions 1.4.15 and prior
Description: The issue allows remote attackers to cause a denial of service or access restricted files. Errors exist in the processing of HTTP headers, mod_auth, and the mechanism that limits the number of active connections. Additionally, issues are present in mod_scgi, the return value of base64 decode in mod_auth, and the header parsing code, which can lead to memory corruption.
Recommendations: For lighttpd versions 1.4.15 and prior, update to version 1.4.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable mod_auth and mod_scgi modules until a patch is available. Avoid using the base64 decode function in mod_auth for basic authentication until the issue is resolved. Restrict the number of active connections to prevent denial of service attacks.

Related identifiers

CVE-2007-3948

Affected products

Lighttpd