lighttpd Null Byte Source Code Disclosure

2005-02-12T00:00:00
ID OSVDB:13844
Type osvdb
Reporter Daniel(daniel@schlach.com)
Modified 2005-02-12T00:00:00

Description

Vulnerability Description

Lighttpd contains a flaw that may allow a malicious user to display the source code of arbitrary scripts instead of generated response. The issue is triggered when processing specially crafted HTTP requests containing %00 (null) character after the file extension. It is possible that the flaw may allow to bypass URL checks and obtain sensitive information resulting in a loss of confidentiality.

Solution Description

Upgrade to version 1.3.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Lighttpd contains a flaw that may allow a malicious user to display the source code of arbitrary scripts instead of generated response. The issue is triggered when processing specially crafted HTTP requests containing %00 (null) character after the file extension. It is possible that the flaw may allow to bypass URL checks and obtain sensitive information resulting in a loss of confidentiality.

Manual Testing Notes

http://[target]/index.php%00

References:

Vendor Specific Advisory URL Secunia Advisory ID:14297 Secunia Advisory ID:14308 Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200502-21.xml Other Advisory URL: http://article.gmane.org/gmane.comp.web.lighttpd/1171 CVE-2005-0453