lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-10-03T17:18:00
Updated: 2024-08-07T10:17:08.779Z
Reserved: 2008-09-30T00:00:00
Link: CVE-2008-4359
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2008-10-03T17:41:40.430
Modified: 2018-11-29T15:46:27.457
Link: CVE-2008-4359
Redhat