Description

response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.

Remediation

References

CVE-2006-0814

Related Vulnerabilities

ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-4673)

SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2045)

WordPress Plugin WP Visitor Statistics (Real Time Traffic) Cross-Site Scripting (6.4)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-31780)

MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2010-1850)

Severity

Medium

Classification

CVE-2006-0814

Tags

Missing Update Known Vulnerabilities