Description
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
References
- Patch, Vendor Advisory
- Patch, Vendor Advisory
- Patch, Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
Any of
cpe:2.3:a:lighttpd:lighttpd:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.13:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.15:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.3.16:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*
EPSS
Percentile: 73%
0.0075
Low
5 Medium
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
almost 4 years ago
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.