Description
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
Remediation
References
Related Vulnerabilities
WordPress Plugin pipdig Power pack (p3) Backdoor (4.7.3)
Apache Tomcat Improper Input Validation Vulnerability (CVE-2014-0033)
WordPress Plugin STT2 Extension Add Terms Unspecified Vulnerability (1.0.2)
Oracle Database Server Other Vulnerability (CVE-2006-3700)
WordPress Plugin YouTube Cross-Site Request Forgery (11.8.1)