Summary
The 'lighttpd' program is prone to a security-bypass vulnerability that occurs in the 'mod_userdir' module.
Attackers can exploit this issue to bypass certain security restrictions and obtain sensitive information. This may lead to other attacks.
Versions prior to 'lighttpd' 1.4.20 are vulnerable.
Solution
The vendor has released lighttpd 1.4.20 to address this issue. Please see the references for more information.
References
Severity
Classification
-
CVE CVE-2008-4360 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities