Description
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
References
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 1.4.18
cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
EPSS
Percentile: 91%
0.06276
Low
5 Medium
CVSS2
Weaknesses
CWE-200
Related vulnerabilities
ubuntu
more than 17 years ago
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
debian
more than 17 years ago
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not s ...
github
more than 3 years ago
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.