Description

mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.

Remediation

References

CVE-2007-3949

Related Vulnerabilities

Magento Incorrect Authorization Vulnerability (CVE-2020-24401)

Liferay DXP Insecure Default Initialization of Resource Vulnerability (CVE-2024-25610)

WordPress Plugin E-Search Multiple Cross-Site Scripting Vulnerabilities (1.0)

WordPress Plugin Powerhouse Museum Collection Image Grid 'tbpv_username' Parameter Cross-Site Scripting (0.9.1.1)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-31618)

Severity

High

Classification

CVE-2007-3949

Tags

Missing Update Known Vulnerabilities