lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-03T17:18:00

Updated: 2024-08-07T10:17:08.779Z

Reserved: 2008-09-30T00:00:00

Link: CVE-2008-4359

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2008-10-03T17:41:40.430

Modified: 2018-11-29T15:46:27.457

Link: CVE-2008-4359

cve-icon Redhat

Severity : Moderate

Publid Date: 2008-07-14T00:00:00Z

Links: CVE-2008-4359 - Bugzilla