Lighttpd · Lighttpd · CVE-2008-4359
Name of the Vulnerable Software and Affected Versions:
lighttpd versions prior to 1.4.20
Description:
The issue allows remote attackers to bypass intended access restrictions, obtain sensitive information, or possibly modify data. This is due to lighttpd comparing URIs to patterns in the `url.redirect` and `url.rewrite` configuration settings before performing URL decoding.
Recommendations:
For versions prior to 1.4.20, update to version 1.4.20 or later to resolve the issue. As a temporary workaround, consider reviewing and adjusting the `url.redirect` and `url.rewrite` configuration settings to minimize the risk of exploitation.