PT-2006-1861 · Lighttpd · Lighttpd

Tan Chew Keong · Published 2006-03-06 · Updated 2018-10-18 · CVE-2006-0814

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Lighttpd versions 1.4.10 and prior

Description

The issue allows remote attackers to read arbitrary source code via specially crafted requests. It is caused by an error in validating the filename extension supplied by the user in the URL, which can be exploited to retrieve the source code of script files, such as PHP files, from the server. The vulnerability is triggered by requests containing trailing dot and space characters, which Windows ignores.

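The extension check described above, as an added example (not lighttpd's own code): the weak form matches the suffix against the raw URL path, while the corrected form first drops the trailing dots and spaces that Windows ignores. The function names, the `.php` suffix and the case-insensitive comparison are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Length of the path once trailing '.' and ' ' characters are dropped,
 * i.e. the name Windows will actually open (final component only). */
static size_t win32_effective_len(const char *path) {
    size_t n = strlen(path);
    while (n > 0 && (path[n - 1] == '.' || path[n - 1] == ' '))
        n--;
    return n;
}

/* Case-insensitive suffix match over the first n bytes of path. */
static int has_ext_n(const char *path, size_t n, const char *ext) {
    size_t e = strlen(ext);
    if (n < e)
        return 0;
    for (size_t i = 0; i < e; i++)
        if (tolower((unsigned char)path[n - e + i]) !=
            tolower((unsigned char)ext[i]))
            return 0;
    return 1;
}

/* Weak check: compares the extension against the raw request path, so a
 * name with trailing dots or spaces is not recognised as a script. */
int is_script_raw(const char *path) {
    return has_ext_n(path, strlen(path), ".php");
}

/* Corrected check: compares against the name the file system resolves. */
int is_script_canonical(const char *path) {
    return has_ext_n(path, win32_effective_len(path), ".php");
}

int main(void) {
    /* Constructed sample paths, not taken from the advisory. */
    const char *samples[] = { "/index.php", "/index.php.", "/index.php. ",
                              "/INDEX.PHP ", "/index.html" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s raw=%d canonical=%d\n", samples[i],
               is_script_raw(samples[i]), is_script_canonical(samples[i]));
    return 0;
}
```

A server that decides between "execute as script" and "serve as static file" with the raw check disagrees with the file system on the second, third and fourth samples; the canonical check closes that gap.
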
Recommendations

For Lighttpd versions 1.4.10 and prior, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable version of Lighttpd on Windows systems. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2006-0814

Affected Products

Lighttpd