Description

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

Remediation

References

CVE-2014-2324

Related Vulnerabilities

RubyGems Origin Validation Error Vulnerability (CVE-2017-0902)

WordPress Plugin Tagregator Cross-Site Scripting (0.6)

WordPress Plugin Imsanity Unspecified Vulnerability (2.3.3)

WordPress Plugin ProfileGrid-User Profiles, Memberships, Groups and Communities Remote Code Execution (2.8.5)

WebLogic CVE-2021-1994 Vulnerability (CVE-2021-1994)

Severity

Medium

Classification

CVE-2014-2324 CWE-22

Tags

Missing Update Known Vulnerabilities