Description
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.
Remediation
References
Related Vulnerabilities
Atlassian Jira Incorrect Authorization Vulnerability (CVE-2020-36238)
WordPress Plugin Wordpress Poll SQL Injection (36)
WordPress Plugin Wordpress Picture/Portfolio/Media Gallery Server-Side Request Forgery (3.0.1)
WordPress Plugin Easy Forms for MailChimp Unspecified Vulnerability (6.3.2)
WordPress Plugin Fileviewer Cross-Site Request Forgery (2.2)