VID |
22402 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
The relevant host is running lighttpd Web Server version 1.4.10 or earlier. lighttpd is a web server that provides an interface to external programs and allows Web applications to run in a separate chroot. lighttpd versions 1.4.10 and earlier for Microsoft Windows could allow a remote attacker to obtain the source code of script files. By sending a specially crafted URL request with "dot" and "space" characters appended to the file extension, a remote attacker could read the requested file's source code.
* Note: This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so it might be a false positive.
* References: http://www.kevinworthington.com:8181/?p=109, http://secunia.com/secunia_research/2006-9/advisory/, http://secunia.com/advisories/18886/
* Platforms Affected: lighttpd version 1.4.10 and earlier versions; Microsoft Windows, any version |
Recommendation |
Upgrade to the latest version of lighttpd (1.4.10a or later), available from the lighttpd Download Web site at http://lighttpd.net/download/ |
Related URL |
CVE-2006-0814 (CVE) |
Related URL |
16893 (SecurityFocus) |
Related URL |
24976 (ISS) |