First published: Fri Mar 14 2014(Updated: )
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Lighttpd Lighttpd | <1.4.35 | |
Debian Debian Linux | =6.0 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
openSUSE openSUSE | =11.4 | |
openSUSE openSUSE | =12.3 | |
openSUSE openSUSE | =13.1 | |
Suse Linux Enterprise High Availability Extension | =11-sp3 | |
SUSE Linux Enterprise Software Development Kit | =11-sp3 | |
Contec Sv-cpt-mc310 Firmware | <6.5 | |
Contec Sv-cpt-mc310 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.