mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.
References
Configurations
History
No history.
Information
Published : 2007-07-24 00:30
Updated : 2024-02-04 17:13
NVD link : CVE-2007-3949
Mitre link : CVE-2007-3949
CVE.ORG link : CVE-2007-3949
JSON object : View
Products Affected
lighttpd
- lighttpd
CWE