Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 239552 - <=www-servers/lighttpd-1.4.20 access restrictions bypass (CVE-2008-4359)
Summary: <=www-servers/lighttpd-1.4.20 access restrictions bypass (CVE-2008-4359)
Status: RESOLVED DUPLICATE of bug 238180
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2008-10-04 15:40 UTC by Stefan Behte (RETIRED)
Modified: 2008-10-04 15:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2008-10-04 15:40:05 UTC
CVE-2008-4359 (
  lighttpd before 1.4.20 compares URIs to patterns in the (1)
  url.redirect and (2) url.rewrite configuration settings before
  performing URL decoding, which might allow remote attackers to bypass
  intended access restrictions, and obtain sensitive information or
  possibly modify data.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-10-04 15:45:44 UTC
Didn't see the CVE in 238180 first, sorry.

*** This bug has been marked as a duplicate of bug 238180 ***