1) Affected Software * Lighttpd version 1.4.10 for Windows. Other versions may also be affected. ====================================================================== 2) Severity Rating: Moderately Critical Impact: Exposure of sensitive information Where: Remote ====================================================================== 3) Description of Vulnerability Secunia Research has discovered a vulnerability in Lighttpd, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files (e.g. PHP) from the server via specially-crafted requests containing dot and space characters. http://secunia.com/secunia_research/2006-9/advisory/
Looks like a Windows specific thing or a dupe from bug 123022
(In reply to comment #1) > Looks like a Windows specific thing or a dupe from bug 123022 > Likely a dupe. I wanted to track it anyways, since the advisory is very unspecific and the CVE entry status is under review, so there's not much information available.
http://www.lighttpd.net/news/ says it's a Windows-only issue.
