3 matches found
FreeBSD Ports: lighttpd
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2005-0453
Lighttpd 1.3.7 and earlier are affected by a vulnerability in buffer_urldecode that mishandles control characters, allowing a remote attacker to disclose the source code of CGI/FastCGI scripts via a URL containing a trailing %00 after the file extension. The issue is an information disclosure aff...
lighttpd < 1.3.8 Null Byte Request CGI Script Source Code Disclosure
According to its banner, the version of lighttpd running on the remote host is prior to 1.3.8. It is, therefore, affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this vulnerability, by requesting a CGI script that is appended by a '%00', to read...