CVE-2008-4359
Summary
| CVE | CVE-2008-4359 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-10-03 17:41:00 UTC |
| Updated | 2018-11-29 15:46:00 UTC |
| Description | lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 4.0 | All | All | All |
| Application | Lighttpd | Lighttpd | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian update for lighttpd - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Third Party Advisory |
| Lighttpd - Bug #1720: Rewrite/redirect rules and URL encoding - lighty labs | CONFIRM | trac.lighttpd.net | Vendor Advisory |
| oss-security - Re: CVE request: lighttpd issues | MLIST | openwall.com | Mailing List |
| Webmail | OVH- OVH | VUPEN | www.vupen.com | Third Party Advisory |
| rPath update for lighttpd - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Third Party Advisory |
| oss-security - Re: Re: CVE request: lighttpd issues | MLIST | openwall.com | Mailing List |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| Advisories:rPSA-2008-0309 - rPath Wiki | CONFIRM | wiki.rpath.com | Third Party Advisory |
| Changeset 2278 – lighttpd – Trac | CONFIRM | trac.lighttpd.net | Broken Link, Vendor Advisory |
| SUSE update for phpMyAdmin and lighttpd - Secunia.com | SECUNIA | secunia.com | Third Party Advisory |
| Changeset 2309 – lighttpd – Trac | CONFIRM | trac.lighttpd.net | Broken Link, Vendor Advisory |
| Changeset 2310 – lighttpd – Trac | CONFIRM | trac.lighttpd.net | Broken Link, Vendor Advisory |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Lighttpd URI Rewrite/Redirect Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Changeset 2307 – lighttpd – Trac | CONFIRM | trac.lighttpd.net | Broken Link, Vendor Advisory |
| Debian -- Security Information -- DSA-1645-1 lighttpd | DEBIAN | www.debian.org | Third Party Advisory |
| www.lighttpd.net/security/lighttpd_sa_2008_05.txt | CONFIRM | www.lighttpd.net | Vendor Advisory |
| www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch | CONFIRM | www.lighttpd.net | Patch, Vendor Advisory |
| lighttpd: Multiple vulnerabilities — Gentoo Linux Documentation | GENTOO | security.gentoo.org | Third Party Advisory |
| lighttpd Weakness and Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Third Party Advisory |
| Security Advisory SA32972 - Gentoo update for lighttpd - Secunia | SECUNIA | secunia.com | Third Party Advisory |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2008:026 | SUSE | lists.opensuse.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.