{"api_version":"1","generated_at":"2026-04-23T04:21:08+00:00","cve":"CVE-2008-4359","urls":{"html":"https://cve.report/CVE-2008-4359","api":"https://cve.report/api/cve/CVE-2008-4359.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-4359","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-4359"},"summary":{"title":"CVE-2008-4359","description":"lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-10-03 17:41:40","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-200","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch","name":"http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/32480","name":"http://secunia.com/advisories/32480","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"rPath update for lighttpd - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt","name":"http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/32972","name":"http://secunia.com/advisories/32972","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Security Advisory SA32972 - Gentoo update for lighttpd - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://trac.lighttpd.net/trac/changeset/2307","name":"http://trac.lighttpd.net/trac/changeset/2307","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"],"title":"Changeset 2307 –\n      lighttpd – Trac","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://trac.lighttpd.net/trac/ticket/1720","name":"http://trac.lighttpd.net/trac/ticket/1720","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Lighttpd - Bug #1720: Rewrite/redirect rules and URL encoding - lighty labs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/32834","name":"http://secunia.com/advisories/32834","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"SUSE update for phpMyAdmin and lighttpd - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://wiki.rpath.com/Advisories:rPSA-2008-0309","name":"http://wiki.rpath.com/Advisories:rPSA-2008-0309","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Advisories:rPSA-2008-0309 - rPath Wiki","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://openwall.com/lists/oss-security/2008/09/30/3","name":"http://openwall.com/lists/oss-security/2008/09/30/3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"oss-security - Re: Re: CVE request: lighttpd issues","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/31599","name":"http://www.securityfocus.com/bid/31599","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Lighttpd URI Rewrite/Redirect Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2008/2741","name":"http://www.vupen.com/english/advisories/2008/2741","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Webmail | OVH- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2008/dsa-1645","name":"http://www.debian.org/security/2008/dsa-1645","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-1645-1 lighttpd","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200812-04.xml","name":"http://security.gentoo.org/glsa/glsa-200812-04.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"lighttpd: Multiple vulnerabilities — Gentoo Linux Documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://trac.lighttpd.net/trac/changeset/2278","name":"http://trac.lighttpd.net/trac/changeset/2278","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"],"title":"Changeset 2278 –\n      lighttpd – Trac","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/497932/100/0/threaded","name":"http://www.securityfocus.com/archive/1/497932/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://openwall.com/lists/oss-security/2008/09/30/1","name":"http://openwall.com/lists/oss-security/2008/09/30/1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"oss-security - Re: CVE request: lighttpd issues","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309","name":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Advisories:rPSA-2008-0309 - rPath Wiki","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/32132","name":"http://secunia.com/advisories/32132","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Debian update for lighttpd - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/32069","name":"http://secunia.com/advisories/32069","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"lighttpd Weakness and Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://openwall.com/lists/oss-security/2008/09/30/2","name":"http://openwall.com/lists/oss-security/2008/09/30/2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"oss-security - Re: CVE request: lighttpd issues","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45690","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45690","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://trac.lighttpd.net/trac/changeset/2309","name":"http://trac.lighttpd.net/trac/changeset/2309","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"],"title":"Changeset 2309 –\n      lighttpd – Trac","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://trac.lighttpd.net/trac/changeset/2310","name":"http://trac.lighttpd.net/trac/changeset/2310","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"],"title":"Changeset 2310 –\n      lighttpd – Trac","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html","name":"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[security-announce] SUSE Security Summary Report: SUSE-SR:2008:026","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-4359","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-4359","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"4359","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"4359","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lighttpd","cpe5":"lighttpd","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T10:17:08.779Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"32069","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/32069"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://trac.lighttpd.net/trac/changeset/2307"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt"},{"name":"32972","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/32972"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://trac.lighttpd.net/trac/changeset/2278"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://wiki.rpath.com/Advisories:rPSA-2008-0309"},{"name":"31599","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/31599"},{"name":"32834","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/32834"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://trac.lighttpd.net/trac/ticket/1720"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://trac.lighttpd.net/trac/changeset/2309"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309"},{"name":"32132","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/32132"},{"name":"[oss-security] 20080930 Re: CVE request: lighttpd issues","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://openwall.com/lists/oss-security/2008/09/30/1"},{"name":"20081030 rPSA-2008-0309-1 lighttpd","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/497932/100/0/threaded"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://trac.lighttpd.net/trac/changeset/2310"},{"name":"ADV-2008-2741","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/2741"},{"name":"DSA-1645","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2008/dsa-1645"},{"name":"[oss-security] 20080930 Re: Re: CVE request: lighttpd issues","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://openwall.com/lists/oss-security/2008/09/30/3"},{"name":"lighttpd-urlredirect-rewrite-info-disclosure(45690)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45690"},{"name":"[oss-security] 20080930 Re: CVE request: lighttpd issues","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://openwall.com/lists/oss-security/2008/09/30/2"},{"name":"32480","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/32480"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch"},{"name":"SUSE-SR:2008:026","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"},{"name":"GLSA-200812-04","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-200812-04.xml"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-09-30T00:00:00.000Z","descriptions":[{"lang":"en","value":"lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-11T19:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"32069","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/32069"},{"tags":["x_refsource_CONFIRM"],"url":"http://trac.lighttpd.net/trac/changeset/2307"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt"},{"name":"32972","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/32972"},{"tags":["x_refsource_CONFIRM"],"url":"http://trac.lighttpd.net/trac/changeset/2278"},{"tags":["x_refsource_CONFIRM"],"url":"http://wiki.rpath.com/Advisories:rPSA-2008-0309"},{"name":"31599","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/31599"},{"name":"32834","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/32834"},{"tags":["x_refsource_CONFIRM"],"url":"http://trac.lighttpd.net/trac/ticket/1720"},{"tags":["x_refsource_CONFIRM"],"url":"http://trac.lighttpd.net/trac/changeset/2309"},{"tags":["x_refsource_CONFIRM"],"url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309"},{"name":"32132","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/32132"},{"name":"[oss-security] 20080930 Re: CVE request: lighttpd issues","tags":["mailing-list","x_refsource_MLIST"],"url":"http://openwall.com/lists/oss-security/2008/09/30/1"},{"name":"20081030 rPSA-2008-0309-1 lighttpd","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/497932/100/0/threaded"},{"tags":["x_refsource_CONFIRM"],"url":"http://trac.lighttpd.net/trac/changeset/2310"},{"name":"ADV-2008-2741","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/2741"},{"name":"DSA-1645","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2008/dsa-1645"},{"name":"[oss-security] 20080930 Re: Re: CVE request: lighttpd issues","tags":["mailing-list","x_refsource_MLIST"],"url":"http://openwall.com/lists/oss-security/2008/09/30/3"},{"name":"lighttpd-urlredirect-rewrite-info-disclosure(45690)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45690"},{"name":"[oss-security] 20080930 Re: CVE request: lighttpd issues","tags":["mailing-list","x_refsource_MLIST"],"url":"http://openwall.com/lists/oss-security/2008/09/30/2"},{"name":"32480","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/32480"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch"},{"name":"SUSE-SR:2008:026","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"},{"name":"GLSA-200812-04","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-200812-04.xml"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-4359","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"32069","refsource":"SECUNIA","url":"http://secunia.com/advisories/32069"},{"name":"http://trac.lighttpd.net/trac/changeset/2307","refsource":"CONFIRM","url":"http://trac.lighttpd.net/trac/changeset/2307"},{"name":"http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt","refsource":"CONFIRM","url":"http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt"},{"name":"32972","refsource":"SECUNIA","url":"http://secunia.com/advisories/32972"},{"name":"http://trac.lighttpd.net/trac/changeset/2278","refsource":"CONFIRM","url":"http://trac.lighttpd.net/trac/changeset/2278"},{"name":"http://wiki.rpath.com/Advisories:rPSA-2008-0309","refsource":"CONFIRM","url":"http://wiki.rpath.com/Advisories:rPSA-2008-0309"},{"name":"31599","refsource":"BID","url":"http://www.securityfocus.com/bid/31599"},{"name":"32834","refsource":"SECUNIA","url":"http://secunia.com/advisories/32834"},{"name":"http://trac.lighttpd.net/trac/ticket/1720","refsource":"CONFIRM","url":"http://trac.lighttpd.net/trac/ticket/1720"},{"name":"http://trac.lighttpd.net/trac/changeset/2309","refsource":"CONFIRM","url":"http://trac.lighttpd.net/trac/changeset/2309"},{"name":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309","refsource":"CONFIRM","url":"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309"},{"name":"32132","refsource":"SECUNIA","url":"http://secunia.com/advisories/32132"},{"name":"[oss-security] 20080930 Re: CVE request: lighttpd issues","refsource":"MLIST","url":"http://openwall.com/lists/oss-security/2008/09/30/1"},{"name":"20081030 rPSA-2008-0309-1 lighttpd","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/497932/100/0/threaded"},{"name":"http://trac.lighttpd.net/trac/changeset/2310","refsource":"CONFIRM","url":"http://trac.lighttpd.net/trac/changeset/2310"},{"name":"ADV-2008-2741","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/2741"},{"name":"DSA-1645","refsource":"DEBIAN","url":"http://www.debian.org/security/2008/dsa-1645"},{"name":"[oss-security] 20080930 Re: Re: CVE request: lighttpd issues","refsource":"MLIST","url":"http://openwall.com/lists/oss-security/2008/09/30/3"},{"name":"lighttpd-urlredirect-rewrite-info-disclosure(45690)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45690"},{"name":"[oss-security] 20080930 Re: CVE request: lighttpd issues","refsource":"MLIST","url":"http://openwall.com/lists/oss-security/2008/09/30/2"},{"name":"32480","refsource":"SECUNIA","url":"http://secunia.com/advisories/32480"},{"name":"http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch","refsource":"CONFIRM","url":"http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch"},{"name":"SUSE-SR:2008:026","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"},{"name":"GLSA-200812-04","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200812-04.xml"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-4359","datePublished":"2008-10-03T17:18:00.000Z","dateReserved":"2008-09-30T00:00:00.000Z","dateUpdated":"2024-08-07T10:17:08.779Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-10-03 17:41:40","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-200","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.20","matchCriteriaId":"26A3F66A-350C-4592-9E11-855B5DFAE013"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*","matchCriteriaId":"0F92AB32-E7DE-43F4-B877-1F41FA162EC7"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"4359","Ordinal":"1","Title":"CVE-2008-4359","CVE":"CVE-2008-4359","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"4359","Ordinal":"1","NoteData":"lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.","Type":"Description","Title":"CVE-2008-4359"},{"CveYear":"2008","CveId":"4359","Ordinal":"2","NoteData":"2008-10-03","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"4359","Ordinal":"3","NoteData":"2018-10-11","Type":"Other","Title":"Modified"}]}}}