CVE 2007-3949
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.
See the 
CVE page on Mitre.org
for more details.
Launchpad.net
References
- MISC: http://trac.lighttpd.n...
- CONFIRM: http://trac.lighttpd.n...
- BID: 24967
- SECUNIA: 26130
- SECUNIA: 26158
- SUSE: SUSE-SR:2007:015
- GENTOO: GLSA-200708-11
- SECUNIA: 26505
- DEBIAN: DSA-1362
- SECUNIA: 26593
- CONFIRM: http://www.lighttpd.ne...
- VUPEN: ADV-2007-2585
- OSVDB: 38311
- BUGTRAQ: 20070719 rPSA-2007-014...
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)