← back
CVE-2007-5654

CVE-2007-5654

EPSS 41.1%
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/4556unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/41867http://secunia.com/advisories/27302https://exchange.xforce.ibmcloud.com/vulnerabilities/37380https://www.exploit-db.com/exploits/4556http://www.litespeedtech.com/latest/litespeed-web-server-3.2.4-released.htmlhttp://www.securityfocus.com/bid/26163