7.5

CVE-2008-4359

EPSS 0.51%
Published 03.10.2008 17:41:40
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.

Affected products Warnungen 0 Metrics 2 CWE 1 References 27

Data is provided by the National Vulnerability Database (NVD)

Lighttpd ≫ Lighttpd Version < 1.4.20

Debian ≫ Debian Linux Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.51%	0.657

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

Third Party Advisory

http://secunia.com/advisories/32834

Third Party Advisory

http://secunia.com/advisories/32069

Third Party Advisory

http://secunia.com/advisories/32132

Third Party Advisory

http://secunia.com/advisories/32480

Third Party Advisory

http://secunia.com/advisories/32972

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200812-04.xml

Third Party Advisory

http://wiki.rpath.com/Advisories:rPSA-2008-0309

Third Party Advisory

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309

Third Party Advisory

http://www.debian.org/security/2008/dsa-1645

Third Party Advisory

http://www.securityfocus.com/archive/1/497932/100/0/threaded

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2008/2741

Third Party Advisory

http://openwall.com/lists/oss-security/2008/09/30/1

Mailing List

http://openwall.com/lists/oss-security/2008/09/30/2

Mailing List

http://openwall.com/lists/oss-security/2008/09/30/3

Mailing List

http://trac.lighttpd.net/trac/changeset/2278

Vendor Advisory

Broken Link

http://trac.lighttpd.net/trac/changeset/2307

Vendor Advisory

Broken Link

http://trac.lighttpd.net/trac/changeset/2309

Vendor Advisory

Broken Link

http://trac.lighttpd.net/trac/changeset/2310

Vendor Advisory

Broken Link

http://trac.lighttpd.net/trac/ticket/1720

Vendor Advisory

http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch

Patch

Vendor Advisory

http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt

Vendor Advisory

http://www.securityfocus.com/bid/31599

Third Party Advisory

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/45690

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2008-4359

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4359

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4359

EUVD