5

CVE-2006-0814

response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LighttpdLighttpd Version1.0.2
LighttpdLighttpd Version1.0.3
LighttpdLighttpd Version1.1.0
LighttpdLighttpd Version1.1.1
LighttpdLighttpd Version1.1.2
LighttpdLighttpd Version1.1.3
LighttpdLighttpd Version1.1.4
LighttpdLighttpd Version1.1.5
LighttpdLighttpd Version1.1.6
LighttpdLighttpd Version1.1.7
LighttpdLighttpd Version1.1.8
LighttpdLighttpd Version1.1.9
LighttpdLighttpd Version1.2.0
LighttpdLighttpd Version1.2.1
LighttpdLighttpd Version1.2.2
LighttpdLighttpd Version1.2.3
LighttpdLighttpd Version1.2.4
LighttpdLighttpd Version1.2.5
LighttpdLighttpd Version1.2.6
LighttpdLighttpd Version1.2.7
LighttpdLighttpd Version1.2.8
LighttpdLighttpd Version1.3.0
LighttpdLighttpd Version1.3.1
LighttpdLighttpd Version1.3.2
LighttpdLighttpd Version1.3.3
LighttpdLighttpd Version1.3.4
LighttpdLighttpd Version1.3.5
LighttpdLighttpd Version1.3.6
LighttpdLighttpd Version1.3.7
LighttpdLighttpd Version1.3.8
LighttpdLighttpd Version1.3.9
LighttpdLighttpd Version1.3.10
LighttpdLighttpd Version1.3.11
LighttpdLighttpd Version1.3.12
LighttpdLighttpd Version1.3.13
LighttpdLighttpd Version1.3.14
LighttpdLighttpd Version1.3.15
LighttpdLighttpd Version1.3.16
LighttpdLighttpd Version1.4.0
LighttpdLighttpd Version1.4.1
LighttpdLighttpd Version1.4.2
LighttpdLighttpd Version1.4.3
LighttpdLighttpd Version1.4.4
LighttpdLighttpd Version1.4.5
LighttpdLighttpd Version1.4.6
LighttpdLighttpd Version1.4.7
LighttpdLighttpd Version1.4.8
LighttpdLighttpd Version1.4.9
LighttpdLighttpd Version1.4.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.33% 0.951
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/18886
Patch
Vendor Advisory
http://secunia.com/secunia_research/2006-9/advisory/
Patch
Vendor Advisory
http://securityreason.com/securityalert/523
http://securitytracker.com/id?1015703
http://trac.lighttpd.net/trac/changeset/1005
http://www.osvdb.org/23542
http://www.securityfocus.com/archive/1/426446/100/0/threaded
http://www.securityfocus.com/bid/16893
http://www.vupen.com/english/advisories/2006/0782
https://exchange.xforce.ibmcloud.com/vulnerabilities/24976