CVE-2006-0814 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-0814
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0814

Description: response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/24976 ST 1015703 SREASON http://securityreason.com/securityalert/523 SAID Secunia Advisory: SA18886 OSVDB 23542 MISC http://secunia.com/secunia_research/2006-9/advisory/ CONFIRM http://trac.lighttpd.net/trac/changeset/1005 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/426446/100/0/threaded BID 16893

Return to the previous page.