7.5

CVE-2008-4359

EPSS 0.51%
Veröffentlicht 03.10.2008 17:41:40
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 27

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lighttpd ≫ Lighttpd Version < 1.4.20

Debian ≫ Debian Linux Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.51%	0.657

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

Third Party Advisory

http://secunia.com/advisories/32834

Third Party Advisory

http://secunia.com/advisories/32069

Third Party Advisory

http://secunia.com/advisories/32132

Third Party Advisory

http://secunia.com/advisories/32480

Third Party Advisory

http://secunia.com/advisories/32972

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200812-04.xml

Third Party Advisory

http://wiki.rpath.com/Advisories:rPSA-2008-0309

Third Party Advisory

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309

Third Party Advisory

http://www.debian.org/security/2008/dsa-1645

Third Party Advisory

http://www.securityfocus.com/archive/1/497932/100/0/threaded

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2008/2741

Third Party Advisory

http://openwall.com/lists/oss-security/2008/09/30/1

Mailing List

http://openwall.com/lists/oss-security/2008/09/30/2

Mailing List

http://openwall.com/lists/oss-security/2008/09/30/3

Mailing List

http://trac.lighttpd.net/trac/changeset/2278

Vendor Advisory

Broken Link

http://trac.lighttpd.net/trac/changeset/2307

Vendor Advisory

Broken Link

http://trac.lighttpd.net/trac/changeset/2309

Vendor Advisory

Broken Link

http://trac.lighttpd.net/trac/changeset/2310

Vendor Advisory

Broken Link

http://trac.lighttpd.net/trac/ticket/1720

Vendor Advisory

http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch

Patch

Vendor Advisory

http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt

Vendor Advisory

http://www.securityfocus.com/bid/31599

Third Party Advisory

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/45690

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2008-4359

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4359

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4359

EUVD