Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd prior to 1.4.35 allow remote malicious users to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lighttpd lighttpd |
||
debian debian linux 6.0 |
||
debian debian linux 7.0 |
||
debian debian linux 8.0 |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 12.3 |
||
opensuse opensuse 13.1 |
||
suse linux enterprise high availability extension 11 |
||
suse linux enterprise software development kit 11 |
||
contec sv-cpt-mc310_firmware |