Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-0814
Last Modified: 07 Mar 2011 09:30:51
Published: 06 Mar 2006 04:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-0814

Summary

response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.

Vulnerable Systems

Application

  • Lighttpd 1.0.2

  • Lighttpd 1.0.3

  • Lighttpd 1.1.0

  • Lighttpd 1.1.1

  • Lighttpd 1.1.2

  • Lighttpd 1.1.3

  • Lighttpd 1.1.4

  • Lighttpd 1.1.5

  • Lighttpd 1.1.6

  • Lighttpd 1.1.7

  • Lighttpd 1.1.8

  • Lighttpd 1.1.9

  • Lighttpd 1.2.0

  • Lighttpd 1.2.1

  • Lighttpd 1.2.2

  • Lighttpd 1.2.3

  • Lighttpd 1.2.4

  • Lighttpd 1.2.5

  • Lighttpd 1.2.6

  • Lighttpd 1.2.7

  • Lighttpd 1.2.8

  • Lighttpd 1.3.0

  • Lighttpd 1.3.1

  • Lighttpd 1.3.10

  • Lighttpd 1.3.11

  • Lighttpd 1.3.12

  • Lighttpd 1.3.13

  • Lighttpd 1.3.14

  • Lighttpd 1.3.15

  • Lighttpd 1.3.16

  • Lighttpd 1.3.2

  • Lighttpd 1.3.3

  • Lighttpd 1.3.4

  • Lighttpd 1.3.5

  • Lighttpd 1.3.6

  • Lighttpd 1.3.7

  • Lighttpd 1.3.8

  • Lighttpd 1.3.9

  • Lighttpd 1.4.0

  • Lighttpd 1.4.1

  • Lighttpd 1.4.10

  • Lighttpd 1.4.2

  • Lighttpd 1.4.3

  • Lighttpd 1.4.4

  • Lighttpd 1.4.5

  • Lighttpd 1.4.6

  • Lighttpd 1.4.7

  • Lighttpd 1.4.8

  • Lighttpd 1.4.9


References

BUGTRAQ - 20060301 Secunia Research: Lighttpd Script Source Disclosure Vulnerability

MISC - http://secunia.com/secunia_research/2006-9/advisory/

SECUNIA - 18886

XF - lighttpd-source-code-disclosure(24976)

VUPEN - ADV-2006-0782

OSVDB - 23542

CONFIRM - http://trac.lighttpd.net/trac/changeset/1005

BID - 16893

SECTRACK - 1015703

SREASON - 523


Last Updated: 27 May 2016 10:41:48