CVE-2007-5654

Name of the Vulnerable Software and Affected Versions LiteSpeed Web Server versions prior to 3.2.4

Description The issue allows remote attackers to trigger the use of an arbitrary MIME type for a file. This can be achieved by including a "%00." sequence followed by a new extension in a request. For example, an attacker could read PHP source code by requesting .php%00.txt files.

Recommendations For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.