2 matches found
Default configuration
moduserdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a...
CVE-2008-4298
Memory leak in the httprequestparse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service memory consumption via a large number of requests with duplicate request headers...