CVE-2005-0453

2005-02-16T05:00:00
ID CVE-2005-0453
Type cve
Reporter cve@mitre.org
Modified 2008-09-05T20:46:00

Description

The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension.