Published: 10/03/2008 Updated: 11/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

mod_userdir in lighttpd 1.4.18 and previous versions, when userdir.path is not set, uses a default of $HOME, which might allow remote malicious users to read arbitrary files, as demonstrated by accessing the ~nobody directory.
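
A configuration check for the condition described in the summary, added here as an example and not part of the original advisory or the lighttpd project: it flags a lighttpd.conf that loads mod_userdir without setting userdir.path. The function names and sample configs are constructed for illustration; the check reads one file's text, does not follow include directives, and treats an empty userdir.path like an unset one (an assumption).

```python
import re

# Constructed sample configs (not taken from the page or from any real host).
WEAK_CONF = '''
server.modules = ( "mod_access", "mod_userdir" )
# userdir.path = "public_html"
'''
FIXED_CONF = '''
server.modules = ( "mod_access", "mod_userdir" )
userdir.path = "public_html"
'''

def strip_comments(text):
    """Drop '#' comments, keeping '#' characters that sit inside quoted strings."""
    out = []
    for line in text.splitlines():
        in_str, kept = False, []
        for ch in line:
            if ch == '"':
                in_str = not in_str
            elif ch == '#' and not in_str:
                break
            kept.append(ch)
        out.append("".join(kept))
    return "\n".join(out)

def audit_userdir(conf_text):
    """Return a list of findings; an empty list means the condition is absent."""
    text = strip_comments(conf_text)
    # mod_userdir may be named in any server.modules = ( ... ) or += ( ... ) list.
    lists = re.findall(r'server\.modules\s*\+?=\s*\((.*?)\)', text, re.S)
    loaded = any(re.search(r'"mod_userdir"', body) for body in lists)
    if not loaded:
        return []
    paths = re.findall(r'userdir\.path\s*=\s*"([^"]*)"', text)
    # Assumption of this example: an empty string is treated like an unset value.
    if not any(p.strip() for p in paths):
        return ["mod_userdir is loaded but userdir.path is not set"]
    return []

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, audit_userdir(conf) or "ok")
```

A userdir.path that is set only inside a conditional block still counts as set here, so a flagged file is a definite finding while a clean result on a config with conditionals deserves a manual look.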

Vulnerable Product

lighttpd lighttpd

Vendor Advisories

Julien Cayzac discovered that under certain circumstances lighttpd, a fast webserver with minimal memory footprint, might allow the reading of arbitrary files from the system. This problem could only occur with a non-standard configuration. For the stable distribution (etch), this problem has been fixed in version 1.4.13-4etch6. We recommend that y ...


source: www.securityfocus.com/bid/28226/info. The 'lighttpd' program is prone to a vulnerability that may allow attackers to access sensitive information because the application fails to properly handle exceptional conditions. Information obtained may aid in further attacks. This issue affects lighttpd 1.4.18; other versions may also be vu ...