|
|
>> Lighttpd "mod_userdir" Module Information Disclosure Vulnerability
|
Title : Lighttpd "mod_userdir" Module Information Disclosure Vulnerability VUPEN ID : VUPEN/ADV-2008-0885 CVE ID : CVE-2008-1270
Rated as : Low Risk 
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2008-03-17
|
A vulnerability has been identified in Lighttpd, which could be exploited by attackers to bypass security restrictions and gain knowledge of sensitive information. This issue is caused by an error when loading "mod_userdir" (not loaded by default) while "userdir.path" is not configured, which could cause userdir requests to be sent to "$HOME", allowing the reading of arbitrary files from the system.
Affected Products
Lighttpd versions prior 1.4.19
Solution
Upgrade to Lighttpd version 1.4.19 :
http://www.lighttpd.net/download
References
http://www.vupen.com/english/advisories/2008/0885 http://www.lighttpd.net/security/lighttpd_sa_2008_03.txt
Credits
Vulnerability reported by the vendor.
ChangeLog
2008-03-17 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|