First published: Mon Mar 06 2006(Updated: )
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fipsasp Fipscms Light | =1.0.2 | |
Fipsasp Fipscms Light | =1.0.3 | |
Fipsasp Fipscms Light | =1.1.0 | |
Fipsasp Fipscms Light | =1.1.1 | |
Fipsasp Fipscms Light | =1.1.2 | |
Fipsasp Fipscms Light | =1.1.3 | |
Fipsasp Fipscms Light | =1.1.4 | |
Fipsasp Fipscms Light | =1.1.5 | |
Fipsasp Fipscms Light | =1.1.6 | |
Fipsasp Fipscms Light | =1.1.7 | |
Fipsasp Fipscms Light | =1.1.8 | |
Fipsasp Fipscms Light | =1.1.9 | |
Fipsasp Fipscms Light | =1.2.0 | |
Fipsasp Fipscms Light | =1.2.1 | |
Fipsasp Fipscms Light | =1.2.2 | |
Fipsasp Fipscms Light | =1.2.3 | |
Fipsasp Fipscms Light | =1.2.4 | |
Fipsasp Fipscms Light | =1.2.5 | |
Fipsasp Fipscms Light | =1.2.6 | |
Fipsasp Fipscms Light | =1.2.7 | |
Fipsasp Fipscms Light | =1.2.8 | |
Fipsasp Fipscms Light | =1.3.0 | |
Fipsasp Fipscms Light | =1.3.1 | |
Fipsasp Fipscms Light | =1.3.2 | |
Fipsasp Fipscms Light | =1.3.3 | |
Fipsasp Fipscms Light | =1.3.4 | |
Fipsasp Fipscms Light | =1.3.5 | |
Fipsasp Fipscms Light | =1.3.6 | |
Fipsasp Fipscms Light | =1.3.7 | |
Fipsasp Fipscms Light | =1.3.8 | |
Fipsasp Fipscms Light | =1.3.9 | |
Fipsasp Fipscms Light | =1.3.10 | |
Fipsasp Fipscms Light | =1.3.11 | |
Fipsasp Fipscms Light | =1.3.12 | |
Fipsasp Fipscms Light | =1.3.13 | |
Fipsasp Fipscms Light | =1.3.14 | |
Fipsasp Fipscms Light | =1.3.15 | |
Fipsasp Fipscms Light | =1.3.16 | |
Fipsasp Fipscms Light | =1.4.0 | |
Fipsasp Fipscms Light | =1.4.1 | |
Fipsasp Fipscms Light | =1.4.2 | |
Fipsasp Fipscms Light | =1.4.3 | |
Fipsasp Fipscms Light | =1.4.4 | |
Fipsasp Fipscms Light | =1.4.5 | |
Fipsasp Fipscms Light | =1.4.6 | |
Fipsasp Fipscms Light | =1.4.7 | |
Fipsasp Fipscms Light | =1.4.8 | |
Fipsasp Fipscms Light | =1.4.9 | |
Fipsasp Fipscms Light | =1.4.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2006-0814 is considered a medium severity vulnerability due to its potential for unauthorized access to sensitive files.
To mitigate CVE-2006-0814, it is recommended to upgrade to a patched version of Lighttpd above 1.4.10.
CVE-2006-0814 affects Lighttpd versions 1.4.10 and possibly earlier, especially when running on Windows.
Yes, CVE-2006-0814 allows remote attackers to read arbitrary source code, making it exploitable from outside the network.
Exploiting CVE-2006-0814 can lead to unauthorized disclosure of sensitive source code, potentially exposing vulnerabilities in the application.