Gaetan.Bisson

Name of the Vulnerable Software and Affected Versions: lighttpd versions prior to 1.4.20 Description: The issue allows remote attackers to bypass intended access restrictions, obtain sensitive information, or possibly modify data. This is due to lighttpd comparing URIs to patterns in the `url.redirect` and `url.rewrite` configuration settings before performing URL decoding. Recommendations: For versions prior to 1.4.20, update to version 1.4.20 or later to resolve the issue. As a temporary workaround, consider reviewing and adjusting the `url.redirect` and `url.rewrite` configuration settings to minimize the risk of exploitation.