CVE-2007-3949: Lighttpd vulnerability

5 documents, 5 sources

Severity: 8.3 HIGH (NVD)
EPSS: 0.6% (top 30.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 24
Latest update: May 1

Description

mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.

CVSS vector

AV:N/AC:M/C:P/I:P/A:C
Exploitability: 8.6 | Impact: 8.5

Affected Packages (3 packages)

debian: debian/lighttpd < lighttpd 1.4.16-1 (bookworm)
Debian: lighttpd/lighttpd < 1.4.16-1+3
NVD: lighttpd/lighttpd 1.4.15

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-rxgv-x78r-p9p9: mod_access (2022-05-01)
OSV
CVE-2007-3949: mod_access (2007-07-24)

📋 Vendor Advisories (1)

Debian
CVE-2007-3949: lighttpd - mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL... (2007)

💬 Community (1)

Bugzilla
CVE-2007-394{6-9} lighttpd 1.4.15 multiple vulnerabilities (2007-07-21)