Lucene search
HistoryFeb 16, 2005 - 5:00 a.m.
CVE-2005-0453
cve-2005-0453
lighttpd
buffer_urldecode
remote code execution
security vulnerability
6.7 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
72.7%
The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension.
| CPE | Name | Operator | Version |
|---|---|---|---|
| lighttpd:lighttpd | lighttpd | eq | 1.3.7 |
Related
openvas
openvas
Gentoo Security Advisory GLSA 200502-21 (lighttpd)
2008-09-24 00:00:00
FreeBSD Ports: lighttpd
2008-09-04 00:00:00
FreeBSD Ports: lighttpd
2008-09-04 00:00:00
nessus
nessus
GLSA-200502-21 : lighttpd: Script source disclosure
2005-02-16 00:00:00
lighttpd < 1.3.8 Null Byte Request CGI Script Source Code Disclosure
2005-02-16 00:00:00
freebsd
freebsd
lighttpd -- script source disclosure vulnerability
2005-02-12 00:00:00
gentoo
gentoo
lighttpd: Script source disclosure
2005-02-15 00:00:00
6.7 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
72.7%
Related for CVE-2005-0453