response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote malicious users to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lighttpd lighttpd 1.1.0 |
||
lighttpd lighttpd 1.1.1 |
||
lighttpd lighttpd 1.1.9 |
||
lighttpd lighttpd 1.2.0 |
||
lighttpd lighttpd 1.2.7 |
||
lighttpd lighttpd 1.2.8 |
||
lighttpd lighttpd 1.3.14 |
||
lighttpd lighttpd 1.3.15 |
||
lighttpd lighttpd 1.3.8 |
||
lighttpd lighttpd 1.3.9 |
||
lighttpd lighttpd 1.4.5 |
||
lighttpd lighttpd 1.4.6 |
||
lighttpd lighttpd 1.1.2 |
||
lighttpd lighttpd 1.1.3 |
||
lighttpd lighttpd 1.2.1 |
||
lighttpd lighttpd 1.1.4 |
||
lighttpd lighttpd 1.1.5 |
||
lighttpd lighttpd 1.1.6 |
||
lighttpd lighttpd 1.2.3 |
||
lighttpd lighttpd 1.2.4 |
||
lighttpd lighttpd 1.3.10 |
||
lighttpd lighttpd 1.3.11 |
||
lighttpd lighttpd 1.3.4 |
||
lighttpd lighttpd 1.3.5 |
||
lighttpd lighttpd 1.4.10 |
||
lighttpd lighttpd 1.4.2 |
||
lighttpd lighttpd 1.4.9 |
||
lighttpd lighttpd 1.0.2 |
||
lighttpd lighttpd 1.0.3 |
||
lighttpd lighttpd 1.1.7 |
||
lighttpd lighttpd 1.1.8 |
||
lighttpd lighttpd 1.2.5 |
||
lighttpd lighttpd 1.2.6 |
||
lighttpd lighttpd 1.3.12 |
||
lighttpd lighttpd 1.3.13 |
||
lighttpd lighttpd 1.3.6 |
||
lighttpd lighttpd 1.3.7 |
||
lighttpd lighttpd 1.4.3 |
||
lighttpd lighttpd 1.4.4 |
||
lighttpd lighttpd 1.2.2 |
||
lighttpd lighttpd 1.3.0 |
||
lighttpd lighttpd 1.3.1 |
||
lighttpd lighttpd 1.3.16 |
||
lighttpd lighttpd 1.3.2 |
||
lighttpd lighttpd 1.3.3 |
||
lighttpd lighttpd 1.4.0 |
||
lighttpd lighttpd 1.4.1 |
||
lighttpd lighttpd 1.4.7 |
||
lighttpd lighttpd 1.4.8 |