Access Control Bypass in lighttpd Web Server
CVE-2008-4359

Currently unrated

Key Information:

Vendor

Lighttpd

Status
Lighttpd
Vendor
CVE Published:
3 October 2008

What is CVE-2008-4359?

The vulnerability in lighttpd affects versions prior to 1.4.20, where the server improperly compares URIs against patterns in the url.redirect and url.rewrite configuration settings before conducting URL decoding. This oversight may enable remote attackers to bypass intended access restrictions, potentially leading to unauthorized exposure of sensitive information or the alteration of data. Proper handling of URI patterns is necessary to prevent such exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/32069
third-party-advisoryx_refsource_SECUNIA
http://trac.lighttpd.net/trac/changeset/2307
x_refsource_CONFIRM
http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.