Description

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

Remediation

References

CVE-2014-2324

Related Vulnerabilities

Oracle Database Server CVE-2023-22075 Vulnerability (CVE-2023-22075)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Cross-Site Scripting (2.6.5)

Joomla! Core 1.6.0 Spam (1.6.0)

WordPress Plugin WordPress Infinite Scroll-Ajax Load More Cross-Site Scripting (5.6.0.2)

Oracle JRE CVE-2013-2440 Vulnerability (CVE-2013-2440)

Severity

Medium

Classification

CVE-2014-2324 CWE-22

Tags

Missing Update Known Vulnerabilities