Description
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
Remediation
References
Related Vulnerabilities
WordPress Plugin FormBuilder Cross-Site Scripting (1.05)
WordPress Plugin WP Super Cache Cross-Site Scripting (1.4.2)
WordPress Plugin Import Woocommerce Cross-Site Scripting (1.0.1)
WordPress Plugin WP Page Builder Cross-Site Scripting (1.2.6)
Nginx Resource Management Errors Vulnerability (CVE-2016-0747)