Description
The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension.
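The weakness described above is a decoder that lets a percent-encoded control byte (most importantly %00) survive into a path that later string handling treats as NUL-terminated, so the part after the extension is silently dropped and the server no longer sees a script to execute. The following C block is an added example written for this page, not code from Lighttpd; the function names `safe_urldecode` and `decoded_has_ext`, the buffer sizes and the sample paths are hypothetical. It shows the check a decoder needs: reject the request outright when the decoded bytes contain NUL or any other control character, rather than truncating.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical hardened percent-decoder (added example, not Lighttpd code).
 * Decodes %XX sequences from `in` into `out` and returns the decoded length,
 * or -1 when the decoded bytes would contain NUL / another control byte,
 * when an escape is malformed or truncated, or when `out` is too small.
 * Rejecting instead of silently truncating is the check the advisory
 * describes as missing. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

int safe_urldecode(const char *in, char *out, size_t outlen) {
    size_t n = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        int c = (unsigned char)in[i];
        if (c == '%') {
            /* in[i+1] is only read if in[i] != NUL; in[i+2] only if in[i+1]
             * was a valid hex digit (hence not NUL), so no over-read. */
            int hi = hexval((unsigned char)in[i + 1]);
            int lo = (hi < 0) ? -1 : hexval((unsigned char)in[i + 2]);
            if (lo < 0) return -1;           /* malformed or truncated escape */
            c = (hi << 4) | lo;
            i += 2;
        }
        /* Reject NUL and every other C0 control byte, plus DEL, after decoding,
         * so "%00" cannot cut the path short at a later C string operation. */
        if (c < 0x20 || c == 0x7f) return -1;
        if (n + 1 >= outlen) return -1;      /* need room for byte + terminator */
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return (int)n;
}

/* Returns 1 only if the raw path decodes cleanly and still ends with `ext`
 * after decoding, so the extension decision is made on the bytes the file
 * system would actually see. Returns 0 for anything rejected. */
int decoded_has_ext(const char *raw, const char *ext) {
    char buf[256];
    int n = safe_urldecode(raw, buf, sizeof buf);
    size_t el = strlen(ext);
    if (n < 0 || (size_t)n < el) return 0;
    return strcmp(buf + n - el, ext) == 0;
}

int main(void) {
    /* Constructed sample requests, not captured traffic. */
    const char *ok  = "/cgi-bin/test.cgi";
    const char *bad = "/cgi-bin/test.cgi%00.txt";
    printf("%s -> %d\n", ok,  decoded_has_ext(ok,  ".cgi"));
    printf("%s -> %d\n", bad, decoded_has_ext(bad, ".cgi"));
    return 0;
}
```

The design point is that validation happens on the decoded bytes, and the whole request is refused (a 400 in a real server) rather than the path being trimmed; a request log entry for a rejected %00 or other control escape is also a cheap detection signal for this class of probing.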
Remediation
References
Related Vulnerabilities
WordPress Plugin Pinterest by BestWebSoft Cross-Site Scripting (1.0.4)
WordPress Plugin Woocommerce Aliexpress Dropshipping Lite PHP Object Injection (1.0.1)
WordPress Plugin Realty by BestWebSoft Cross-Site Scripting (1.0.9)
WordPress Plugin Neuvoo Jobs Cross-Site Scripting (2.0)
Tornado Improper Handling of Invalid Use of Special Elements Vulnerability (CVE-2026-35536)