Описание
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.4.11-3ubuntu3.8 |
| devel | released | 1.4.18-1ubuntu6 |
| edgy | released | 1.4.13~r1370-1ubuntu1.6 |
| feisty | released | 1.4.13-9ubuntu4.5 |
| gutsy | released | 1.4.18-1ubuntu1.3 |
| upstream | needed |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
Связанные уязвимости
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not s ...
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.
EPSS
5 Medium
CVSS2