Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-4359
Last Modified 07 Mar 2011 10:12:19
Published 03 Oct 2008 01:41:40
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4359

Summary

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.

Vulnerable Systems

Application

  • Lighttpd

  • Lighttpd 1.0.2

  • Lighttpd 1.0.3

  • Lighttpd 1.1.0

  • Lighttpd 1.1.1

  • Lighttpd 1.1.2

  • Lighttpd 1.1.3

  • Lighttpd 1.1.4

  • Lighttpd 1.1.5

  • Lighttpd 1.1.6

  • Lighttpd 1.1.7

  • Lighttpd 1.1.8

  • Lighttpd 1.1.9


References

CONFIRM - http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch

XF - lighttpd-urlredirect-rewrite-info-disclosure(45690)

VUPEN - ADV-2008-2741

BID - 31599

BUGTRAQ - 20081030 rPSA-2008-0309-1 lighttpd

CONFIRM - http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt

DEBIAN - DSA-1645

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0309

CONFIRM - http://trac.lighttpd.net/trac/ticket/1720

CONFIRM - http://trac.lighttpd.net/trac/changeset/2310

CONFIRM - http://trac.lighttpd.net/trac/changeset/2309

CONFIRM - http://trac.lighttpd.net/trac/changeset/2307

CONFIRM - http://trac.lighttpd.net/trac/changeset/2278

GENTOO - GLSA-200812-04

SECUNIA - 32972

SECUNIA - 32834

SECUNIA - 32480

SECUNIA - 32132

SECUNIA - 32069

MLIST - [oss-security] 20080930 Re: Re: CVE request: lighttpd issues

MLIST - [oss-security] 20080930 Re: CVE request: lighttpd issues

SUSE - SUSE-SR:2008:026


Last Updated: 27 May 2016 10:48:28