Description
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | not-affected | |
| disco | not-affected | |
| eoan | not-affected | |
| esm-apps/bionic | released | 1.4.45-1ubuntu3.18.04.1+esm1 |
| esm-apps/focal | not-affected | |
| esm-apps/jammy | not-affected | |
| esm-apps/xenial | released | 1.4.35-4ubuntu2.1+esm1 |
| esm-infra-legacy/trusty | released | 1.4.33-1+nmu2ubuntu2.1+esm1 |
EPSS
CVSS2: 5 Medium
CVSS3: 7.5 High
Related vulnerabilities
Vulnerability in the mod_alias_physical_handler module of the lighttpd web server that allows an attacker to gain access to confidential data