Strix
26.1K

CVE-2007-5654

UnknownEPSS 41.06%

Last modified

CVE-2007-5654 is a vulnerability of currently unknown severity. LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection.". EPSS estimates a 41.06% chance of exploitation in the next 30 days.

Description

LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."

Metrics

EPSS Probability
41.06%

98.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Litespeed TechnologiesLitespeed Web Server<= 3.2.3

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-5654?
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."
How severe is CVE-2007-5654?
Severity scoring for CVE-2007-5654 is pending analysis. The EPSS model estimates a 41.06% probability of exploitation in the next 30 days.
How do I fix CVE-2007-5654?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-5654?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST