Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 239552
Alias:
Product:
Component:
Status: RESOLVED
Resolution: DUPLICATE of bug 238180
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Stefan Behte <craig@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 239552 depends on: Show dependency tree
Bug 239552 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-10-04 15:40 0000 
CVE-2008-4359 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4359):
  lighttpd before 1.4.20 compares URIs to patterns in the (1)
  url.redirect and (2) url.rewrite configuration settings before
  performing URL decoding, which might allow remote attackers to bypass
  intended access restrictions, and obtain sensitive information or
  possibly modify data.

------- Comment #1 From Stefan Behte 2008-10-04 15:45:44 0000 ------- 
Didn't see the CVE in 238180 first, sorry.

*** This bug has been marked as a duplicate of bug 238180 ***
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug