Description
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Post Recommendations for WordPress 'api.php' Remote File Include (1.1.2)
WordPress Plugin Login Block IPs Cross-Site Request Forgery (1.0.0)
WordPress Plugin Live Chat for Fanpage Cross-Site Scripting (2.0.1)
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)
ownCloud Improper Access Control Vulnerability (CVE-2016-9460)