QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-4359

Back to search

CVE-2008-4359

Published: Oct 3, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.

VendorProductVersions

n/a

n/a

affected
n/a

References

32069
third-party-advisory
x_refsource_SECUNIA
32972
third-party-advisory
x_refsource_SECUNIA
31599
vdb-entry
x_refsource_BID
32834
third-party-advisory
x_refsource_SECUNIA
32132
third-party-advisory
x_refsource_SECUNIA
20081030 rPSA-2008-0309-1 lighttpd
mailing-list
x_refsource_BUGTRAQ
ADV-2008-2741
vdb-entry
x_refsource_VUPEN
DSA-1645
vendor-advisory
x_refsource_DEBIAN
32480
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2008:026
vendor-advisory
x_refsource_SUSE
GLSA-200812-04
vendor-advisory
x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now