Summary
The 'lighttpd' program is prone to a security-bypass vulnerability that occurs in the 'mod_userdir' module.
Attackers can exploit this issue to bypass certain security restrictions and obtain sensitive information. This may lead to other attacks.
Versions of 'lighttpd' prior to 1.4.20 are vulnerable.
Solution
The vendor has released lighttpd 1.4.20 to address this issue. Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2008-4360
- CVSS Base Score: 7.8
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities
- JBoss Application Server Multiple Vulnerabilities
- JBoss Enterprise Application Platform Multiple Remote Vulnerabilities
- mod_python handle abuse
- Weborf 'get_param_value()' Function HTTP Header Handling Denial Of Service Vulnerability
- Lighttpd 'mod_userdir' Case Sensitive Comparison Security Bypass Vulnerability