lighttpd mod_access.c Crafted URL url.access-deny Bypass

2007-06-15T17:51:07
ID OSVDB:38311
Type osvdb
Reporter OSVDB
Modified 2007-06-15T17:51:07

Description

Solution Description

Upgrade to version 1.4.16 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://www.lighttpd.net/2007/7/24/1-4-16-let-s-ship-it
Vendor Specific News/Changelog Entry: http://trac.lighttpd.net/trac/changeset/1871
Vendor Specific News/Changelog Entry: http://trac.lighttpd.net/trac/ticket/1230
Secunia Advisory ID:26593
Secunia Advisory ID:22588
Secunia Advisory ID:26505
Secunia Advisory ID:26130
Secunia Advisory ID:26158
Related OSVDB ID: 38312
Related OSVDB ID: 38308
Related OSVDB ID: 38314
Related OSVDB ID: 38318
Related OSVDB ID: 38313
Other Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-July/000214.html
Other Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00003.html
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200708-11.xml
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200708-11.xml
Other Advisory URL: http://www.novell.com/linux/security/advisories/2007_15_sr.html
Other Advisory URL: http://www.debian.org/security/2007/dsa-1362
FrSIRT Advisory: ADV-2007-2585
CVE-2007-3949
Bugtraq ID: 24967