CVE-2007-5654 Information

Description

LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."

Reference

http://osvdb.org/41867
http://secunia.com/advisories/27302
http://www.litespeedtech.com/latest/litespeed-web-server-3.2.4-released.html
http://www.securityfocus.com/bid/26163
https://exchange.xforce.ibmcloud.com/vulnerabilities/37380
https://www.exploit-db.com/exploits/4556