Description
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
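The ordering problem described above, shown as an added example that is not lighttpd's code or configuration. The pattern `^/admin/` and the sample paths are constructed, and Python's `re` and `urllib.parse.unquote` stand in for the server's pattern matcher and URL decoder.

```python
import re
from urllib.parse import unquote

# Constructed rule set: one hypothetical pattern guarding an admin area.
RULES = [re.compile(r"^/admin/")]


def matches_before_decoding(path: str) -> bool:
    """Order the description attributes to affected versions:
    the raw request path is compared to the patterns as received."""
    return any(rule.search(path) for rule in RULES)


def matches_after_decoding(path: str) -> bool:
    """Corrected order: percent-decode once, then compare."""
    return any(rule.search(unquote(path)) for rule in RULES)


def audit(paths):
    """Return the paths on which the two orders disagree, i.e. requests
    that a match-before-decode rule would not see as covered."""
    return [p for p in paths
            if matches_before_decoding(p) != matches_after_decoding(p)]


# Constructed sample request paths.
SAMPLE_PATHS = [
    "/admin/panel",        # literal path: both orders match
    "/%61dmin/panel",      # %61 is "a": only the decoded form matches
    "/%2561dmin/panel",    # decodes once to "/%61dmin/panel": neither matches
    "/public/index.html",  # unrelated path: neither matches
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p:22} raw={matches_before_decoding(p)!s:5} "
              f"decoded={matches_after_decoding(p)}")
    print("disagreements:", audit(SAMPLE_PATHS))
```

Running `audit` over access-log paths is one way to find requests whose handling changes depending on the version's matching order.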
Remediation
References