CVE-2008-4359

Name of the Vulnerable Software and Affected Versions: lighttpd versions prior to 1.4.20

Description: The issue allows remote attackers to bypass intended access restrictions, obtain sensitive information, or possibly modify data. This is due to lighttpd comparing URIs to patterns in the url.redirect and url.rewrite configuration settings before performing URL decoding.

Recommendations: For versions prior to 1.4.20, update to version 1.4.20 or later to resolve the issue. As a temporary workaround, consider reviewing and adjusting the url.redirect and url.rewrite configuration settings to minimize the risk of exploitation.