|
|
CVE Reference: CVE-2006-0814 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-0814 |
|
|
Description: response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/24976 ST 1015703 SREASON http://securityreason.com/securityalert/523 SAID Secunia Advisory: SA18886 OSVDB 23542 MISC http://secunia.com/secunia_research/2006-9/advisory/ CONFIRM http://trac.lighttpd.net/trac/changeset/1005 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/426446/100/0/threaded BID 16893 |
|
| Return to the previous page. |
