1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
PublicDate: 2007-07-23
Candidate: CVE-2007-3949
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3949
Description:
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in
the URL, which allows remote attackers to bypass url.access-deny settings.
Ubuntu-Description:
Notes:
Bugs:
dapper_lighttpd: released (1.4.11-3ubuntu3.5)
edgy_lighttpd: released (1.4.13~r1370-1ubuntu1.3)
feisty_lighttpd: released (1.4.13-9ubuntu4.2)
gutsy_lighttpd: not-affected
devel_lighttpd: not-affected
upstream_lighttpd: released (1.4.16)
|