CVE-2008-4359 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-4359
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-4359

Description: lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/45690 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html SAID Secunia Advisory: SA32132 Secunia Advisory: SA32069 Secunia Advisory: SA32834 Secunia Advisory: SA32972 Secunia Advisory: SA32480 MLIST http://openwall.com/lists/oss-security/2008/09/30/3 http://openwall.com/lists/oss-security/2008/09/30/2 http://openwall.com/lists/oss-security/2008/09/30/1 GENTOO http://security.gentoo.org/glsa/glsa-200812-04.xml DEBIAN http://www.debian.org/security/2008/dsa-1645 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0309 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309 http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch http://trac.lighttpd.net/trac/ticket/1720 http://trac.lighttpd.net/trac/changeset/2310 http://trac.lighttpd.net/trac/changeset/2309 http://trac.lighttpd.net/trac/changeset/2278 http://trac.lighttpd.net/trac/changeset/2307 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/497932/100/0/threaded BID 31599

Return to the previous page.