Litespeed · Litespeed Web Server · CVE-2007-5654
**Name of the Vulnerable Software and Affected Versions**
LiteSpeed Web Server versions prior to 3.2.4
**Description**
The issue allows remote attackers to trigger the use of an arbitrary MIME type for a file. This can be achieved by including a "%00." sequence followed by a new extension in a request. For example, an attacker could read PHP source code by requesting .php%00.txt files.
**Recommendations**
For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.