CVE-2007-5824

Name of the Vulnerable Software and Affected Versions Firefly Media Server versions 0.2.4 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This can be achieved by sending a stats method action to the "/xml-rpc" API endpoint with either an empty Authorization header line, which triggers a crash in the ws decodepassword() function, or a header line without a ':' character, which triggers a crash in the ws getheaders() function.

Recommendations For Firefly Media Server versions 0.2.4 and earlier, as a temporary workaround, consider restricting access to the "/xml-rpc" API endpoint to minimize the risk of exploitation. Avoid using empty or malformed Authorization header lines in requests to this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.