The buffer_urldecode function in lighttpd 1.3.7 and earlier versions does not properly handle control characters, which allows remote attackers to obtain the source code of CGI and FastCGI scripts by requesting a URL with a %00 (null) character after the file extension.
Vulnerable Product |
---|
lighttpd lighttpd 1.3.7 |
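
A simplified model of the bug class described above, added here as an illustration and not lighttpd's own code: `url_decode` and `has_suffix` are hypothetical names, and the sketch assumes handler selection compares the extension over the full decoded length while file APIs stop at the first NUL byte. With `strict` set, decoded control characters are rejected, so the request path never reaches the extension check.

```c
#include <stdio.h>
#include <string.h>

/* Hex digit value, or -1 if c is not a hex digit. */
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode %XX escapes from src into dst (cap bytes, including the NUL).
 * strict != 0 rejects control characters (0x00-0x1f, 0x7f).
 * Returns decoded length, or -1 on bad escape, overflow or rejected byte. */
long url_decode(const char *src, char *dst, size_t cap, int strict) {
    size_t n = 0;
    while (*src) {
        unsigned char c = (unsigned char)*src++;
        if (c == '%') {
            int hi = hexval(src[0]);
            int lo = hi < 0 ? -1 : hexval(src[1]);  /* never reads past the NUL */
            if (lo < 0) return -1;
            c = (unsigned char)(hi * 16 + lo);
            src += 2;
        }
        if (strict && (c < 0x20 || c == 0x7f)) return -1;
        if (n + 1 >= cap) return -1;
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return (long)n;
}

/* Length-aware suffix match, as assumed for handler selection. */
int has_suffix(const char *buf, size_t len, const char *ext) {
    size_t el = strlen(ext);
    return len >= el && memcmp(buf + len - el, ext, el) == 0;
}

int main(void) {
    char buf[64];
    const char *req = "/app.php%00";  /* constructed sample request path */
    long n = url_decode(req, buf, sizeof buf, 0);
    printf("lenient: len=%ld strlen=%zu php_handler=%d\n",
           n, strlen(buf), has_suffix(buf, (size_t)n, ".php"));
    printf("strict:  %ld\n", url_decode(req, buf, sizeof buf, 1));
    return 0;
}
```

In the lenient run the decoded buffer is 9 bytes long but reads as the 8-character C string `/app.php`, so the length-aware `.php` match fails while a file open would still resolve the script.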