Lucene search

K
ubuntucveUbuntu.comUB:CVE-2008-4359
HistoryOct 03, 2008 - 12:00 a.m.

CVE-2008-4359

2008-10-0300:00:00
ubuntu.com
ubuntu.com
5

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.8%

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect
and (2) url.rewrite configuration settings before performing URL decoding,
which might allow remote attackers to bypass intended access restrictions,
and obtain sensitive information or possibly modify data.

Bugs

Notes

Author Note
jdstrand according to http://redmine.lighttpd.net/issues/show/1720, the upstream patch has been reverted due to too many regressions. As such, future versions will need to be checked to ensure it is fixed

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.8%