VYPR
Unrated severityNVD Advisory· Published Jul 24, 2007· Updated Jun 16, 2026

CVE-2007-3946

CVE-2007-3946

Description

mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lighttpd/Lighttpd2 versions
    cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*range: <=1.4.15
    • (no CPE)range: <1.4.16

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.