FreeBSD Ports: Lighttpd Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.lighttpd.net/news/ http://xforce.iss.net/xforce/xfdb/19350 http://article.gmane.org/gmane.comp.web.lighttpd/1171 http://www.vuxml.org/freebsd/bdad9ada-8a52-11d9-9e53-000a95bc6fae.html

Insight

The following package is affected: lighttpd CVE-2005-0453 The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension.

Severity

Classification

CVE CVE-2005-0453
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

FreeBSD Ports: apache
FreeBSD Ports: awstats
FreeBSD Ports: coppermine
FreeBSD Ports: bugzilla
FreeBSD Ports: apache

FreeBSD Ports: lighttpd

Take action and discover your vulnerabilities