Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2007-3946

Disclosure Date: July 24, 2007
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

Technical Analysis