Описание
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
Ссылки
- Third Party Advisory
- Mailing List
- Mailing List
- Mailing List
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Broken LinkVendor Advisory
- Broken LinkVendor Advisory
- Broken LinkVendor Advisory
- Broken LinkVendor Advisory
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS2
Дефекты
Связанные уязвимости
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redire ...
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
EPSS
7.5 High
CVSS2