lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-10-03T17:18:00
Updated: 2018-10-11T19:57:01
Reserved: 2008-09-30T00:00:00
Link: CVE-2008-4359
JSON object: View
NVD Information
Status : Analyzed
Published: 2008-10-03T17:41:40.430
Modified: 2018-11-29T15:46:27.457
Link: CVE-2008-4359
JSON object: View
Redhat Information
No data.
CWE