Vulnerability Details : CVE-2008-4359
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
Products affected by CVE-2008-4359
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*
Threat overview for CVE-2008-4359
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2008-4359: 76,709
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2008-4359
- 0.51%: Probability of exploitation activity in the next 30 days
- ~ 64%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-4359
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2008-4359
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4359
- http://wiki.rpath.com/Advisories:rPSA-2008-0309
  [Third Party Advisory]
- http://www.vupen.com/english/advisories/2008/2741
  Site under construction [Third Party Advisory]
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0309
  [Third Party Advisory]
- http://secunia.com/advisories/32480
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.lighttpd.net/security/lighttpd-1.4.x_rewrite_redirect_decode_url.patch
  [Patch; Vendor Advisory]
- http://www.securityfocus.com/archive/1/497932/100/0/threaded
  [Third Party Advisory; VDB Entry]
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2008:026 - openSUSE Security Announce - openSUSE Mailing Lists [Third Party Advisory]
- http://trac.lighttpd.net/trac/changeset/2307
  Redmine 404 error [Broken Link; Vendor Advisory]
- http://openwall.com/lists/oss-security/2008/09/30/3
  oss-security - Re: Re: CVE request: lighttpd issues [Mailing List]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45690
  lighttpd url.redirect and url.rewrite information disclosure CVE-2008-4359 Vulnerability Report [Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/32069
  About Secunia Research | Flexera [Third Party Advisory]
- http://security.gentoo.org/glsa/glsa-200812-04.xml
  lighttpd: Multiple vulnerabilities (GLSA 200812-04) — Gentoo security [Third Party Advisory]
- http://trac.lighttpd.net/trac/ticket/1720
  Bug #1720: Rewrite/redirect rules and URL encoding - Lighttpd - lighty labs [Vendor Advisory]
- http://trac.lighttpd.net/trac/changeset/2310
  Redmine 404 error [Broken Link; Vendor Advisory]
- http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
  [Vendor Advisory]
- http://secunia.com/advisories/32834
  About Secunia Research | Flexera [Third Party Advisory]
- http://trac.lighttpd.net/trac/changeset/2278
  Redmine 404 error [Broken Link; Vendor Advisory]
- http://trac.lighttpd.net/trac/changeset/2309
  Redmine 404 error [Broken Link; Vendor Advisory]
- http://www.securityfocus.com/bid/31599
  [Third Party Advisory; VDB Entry]
- http://openwall.com/lists/oss-security/2008/09/30/2
  oss-security - Re: CVE request: lighttpd issues [Mailing List]
- http://secunia.com/advisories/32132
  About Secunia Research | Flexera [Third Party Advisory]
- http://openwall.com/lists/oss-security/2008/09/30/1
  oss-security - Re: CVE request: lighttpd issues [Mailing List]
- http://secunia.com/advisories/32972
  About Secunia Research | Flexera [Third Party Advisory]
- http://www.debian.org/security/2008/dsa-1645
  [SECURITY] [DSA-1645-1] New lighttpd packages fix various problems [Third Party Advisory]