CVE-2007-3949

Published: Jul 24, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it

x_refsource_CONFIRM

38311

vdb-entry

x_refsource_OSVDB

26158

third-party-advisory

x_refsource_SECUNIA

ADV-2007-2585

vdb-entry

x_refsource_VUPEN

26130

third-party-advisory

x_refsource_SECUNIA

20070719 rPSA-2007-0145-1 lighttpd

mailing-list

x_refsource_BUGTRAQ

24967

vdb-entry

x_refsource_BID

26593

third-party-advisory

x_refsource_SECUNIA

DSA-1362

vendor-advisory

x_refsource_DEBIAN

GLSA-200708-11

vendor-advisory

x_refsource_GENTOO

http://trac.lighttpd.net/trac/changeset/1871

x_refsource_MISC

http://trac.lighttpd.net/trac/ticket/1230

x_refsource_CONFIRM

SUSE-SR:2007:015

vendor-advisory

x_refsource_SUSE

26505

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2007-3949

Description

Affected Products

References