CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-0453

The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.1%

CVSS Severity

CVSS v2 Score 5.0

References

http://article.gmane.org/gmane.comp.web.lighttpd/1171
http://secunia.com/advisories/14297
http://security.gentoo.org/glsa/glsa-200502-21.xml
http://article.gmane.org/gmane.comp.web.lighttpd/1171
http://secunia.com/advisories/14297
http://security.gentoo.org/glsa/glsa-200502-21.xml

Products affected by CVE-2005-0453

Lighttpd » Lighttpd » Version: 1.3.7

cpe:2.3:a:lighttpd:lighttpd:1.3.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-0453

Products

Pricing

Contact Us