CVE-2018-19052

Published: 07/11/2018 Updated: 31/03/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An issue exists in mod_alias_physical_handler in mod_alias.c in lighttpd prior to 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
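The condition in the summary can be checked for in a configuration file. The following is an added example, not code from lighttpd or from any advisory listed here: a small audit that reports `alias.url` entries whose alias lacks a trailing '/' while the target path has one. The function names and the sample paths are constructed for illustration, and the parser assumes simple double-quoted entries without escaped quotes or ')' inside strings.

```python
import re

# Matches an alias.url assignment ("=" or "+=") and captures the list body.
ALIAS_BLOCK = re.compile(r'alias\.url\s*\+?=\s*\((.*?)\)', re.S)
# Matches one "url-prefix" => "filesystem-path" pair inside the list.
PAIR = re.compile(r'"([^"]*)"\s*=>\s*"([^"]*)"')

def strip_comments(text):
    """Drop '#' comments that are not inside a double-quoted string."""
    out = []
    for line in text.splitlines():
        in_str = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_str = not in_str
            elif ch == '#' and not in_str:
                line = line[:i]
                break
        out.append(line)
    return "\n".join(out)

def risky_aliases(conf_text):
    """Return (alias, target) pairs where the alias lacks a trailing '/' but the target has one."""
    findings = []
    for block in ALIAS_BLOCK.finditer(strip_comments(conf_text)):
        for alias, target in PAIR.findall(block.group(1)):
            if not alias.endswith("/") and target.endswith("/"):
                findings.append((alias, target))
    return findings

# Constructed sample configuration (paths are placeholders, not from the advisory).
SAMPLE_CONF = '''
server.document-root = "/srv/www/example/docroot"
alias.url = (
    "/img"     => "/srv/www/example/images/",   # mismatch: reported
    "/static/" => "/srv/www/example/static/",   # both end in a slash: consistent
    "/docs"    => "/srv/www/example/docs"       # neither ends in a slash: consistent
)
# alias.url += ( "/old" => "/srv/old/" )   commented out, ignored
alias.url += ( "/dl" => "/srv/www/example/downloads/" )
'''

if __name__ == "__main__":
    for alias, target in risky_aliases(SAMPLE_CONF):
        print(f"review: alias {alias!r} -> {target!r} (trailing '/' mismatch)")
```

Entries it reports match the configuration described in the summary, which affects lighttpd prior to 1.4.50.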

Vulnerable Product

lighttpd lighttpd

opensuse backports sle 15.0

opensuse leap 15.0

opensuse leap 15.1

suse suse linux enterprise server 11

suse suse linux enterprise server 12

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #913528 lighttpd: CVE-2018-19052. Package: src:lighttpd; Maintainer for src:lighttpd is Debian QA Group <packages@qa.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 11 Nov 2018 21:21:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found in ver ...
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. (CV ...

Github Repositories

A wrapper for NMAP written in Elixir.

A wrapper for NMAP written in Elixir. Used version: Nmap 7.80. Nmap (network mapper), the god of port scanners, used for network discovery and the basis for most security enumeration during the initial stages of a penetration test. The tool was written and maintained by Fyodor AKA Gordon Lyon. Nmap displays exposed services on a target machine along with other useful informatio

PoC for a security: potential path traversal with specific configs, if `mod_dirlisting` were enabled, which is not the default, this would result in listing the contents of the directory above the alias.

cve-2022-19052: [mod_alias] security: potential path traversal with specific configs. Security: potential path traversal of a single directory above the alias target with a specific mod_alias config where the alias which is matched does not end in /, but alias target filesystem path does end in /, e.g. server.docroot = "/srv/www/host/HOSTNAME/docroot" alias.url = (

Linux-related information about RevoPoint Pop2

revopoint-pop2-linux-info: Linux-related information about RevoPoint Pop 2. I'm one of the backers of the RevoPoint Pop 2 Kickstarter campaign and asked for Linux support directly after backing (the reply sounded like "We might look into it when the windows release is more stable"). Of course I still hope this will happen officially one day, but I have the device si