CVE-2006-0814
7.2 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.01 Low
EPSS
Percentile
83.7%
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) “.” (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
References
secunia.com/advisories/18886
secunia.com/secunia_research/2006-9/advisory/
securityreason.com/securityalert/523
securitytracker.com/id?1015703
trac.lighttpd.net/trac/changeset/1005
www.osvdb.org/23542
www.securityfocus.com/archive/1/426446/100/0/threaded
www.securityfocus.com/bid/16893
www.vupen.com/english/advisories/2006/0782
exchange.xforce.ibmcloud.com/vulnerabilities/24976
Related
7.2 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.01 Low
EPSS
Percentile
83.7%