CVE-2008-4359

lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.

CVSS v2.0 7.5

7.5^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References

Link	Resource
http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch	Patch Vendor Advisory
http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt	Vendor Advisory
http://openwall.com/lists/oss-security/2008/09/30/3	Mailing List
http://trac.lighttpd.net/trac/changeset/2309	Broken Link Vendor Advisory
http://trac.lighttpd.net/trac/ticket/1720	Vendor Advisory
http://openwall.com/lists/oss-security/2008/09/30/1	Mailing List
http://trac.lighttpd.net/trac/changeset/2307	Broken Link Vendor Advisory
http://openwall.com/lists/oss-security/2008/09/30/2	Mailing List
http://trac.lighttpd.net/trac/changeset/2310	Broken Link Vendor Advisory
http://trac.lighttpd.net/trac/changeset/2278	Broken Link Vendor Advisory
http://www.debian.org/security/2008/dsa-1645	Third Party Advisory
http://secunia.com/advisories/32132	Third Party Advisory
http://www.securityfocus.com/bid/31599	Third Party Advisory VDB Entry
http://secunia.com/advisories/32069	Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0309	Third Party Advisory
http://secunia.com/advisories/32834	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html	Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-04.xml	Third Party Advisory
http://secunia.com/advisories/32972	Third Party Advisory
http://secunia.com/advisories/32480	Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309	Third Party Advisory
http://www.vupen.com/english/advisories/2008/2741	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45690	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/497932/100/0/threaded	Third Party Advisory VDB Entry

Configurations

Configuration 1

cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2008-10-03 05:41

Updated : 2018-11-29 03:46

NVD link : CVE-2008-4359

Mitre link : CVE-2008-4359

Products Affected

No products.

CWE

CWE-200