CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-3949

mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.8%

CVSS Severity

CVSS v2 Score 8.3

References

Products affected by CVE-2007-3949

Lighttpd » Lighttpd » Version: 1.3.11

cpe:2.3:a:lighttpd:lighttpd:1.3.11
Lighttpd » Lighttpd » Version: 1.3.12

cpe:2.3:a:lighttpd:lighttpd:1.3.12
Lighttpd » Lighttpd » Version: 1.3.13

cpe:2.3:a:lighttpd:lighttpd:1.3.13
Lighttpd » Lighttpd » Version: 1.3.14

cpe:2.3:a:lighttpd:lighttpd:1.3.14
Lighttpd » Lighttpd » Version: 1.3.15

cpe:2.3:a:lighttpd:lighttpd:1.3.15
Lighttpd » Lighttpd » Version: 1.3.16

cpe:2.3:a:lighttpd:lighttpd:1.3.16
Lighttpd » Lighttpd » Version: 1.4.1

cpe:2.3:a:lighttpd:lighttpd:1.4.1
Lighttpd » Lighttpd » Version: 1.4.10

cpe:2.3:a:lighttpd:lighttpd:1.4.10
Lighttpd » Lighttpd » Version: 1.4.11

cpe:2.3:a:lighttpd:lighttpd:1.4.11
Lighttpd » Lighttpd » Version: 1.4.12

cpe:2.3:a:lighttpd:lighttpd:1.4.12
Lighttpd » Lighttpd » Version: 1.4.13

cpe:2.3:a:lighttpd:lighttpd:1.4.13
Lighttpd » Lighttpd » Version: 1.4.14

cpe:2.3:a:lighttpd:lighttpd:1.4.14
Lighttpd » Lighttpd » Version: 1.4.15

cpe:2.3:a:lighttpd:lighttpd:1.4.15
Lighttpd » Lighttpd » Version: 1.4.2

cpe:2.3:a:lighttpd:lighttpd:1.4.2
Lighttpd » Lighttpd » Version: 1.4.3

cpe:2.3:a:lighttpd:lighttpd:1.4.3
Lighttpd » Lighttpd » Version: 1.4.4

cpe:2.3:a:lighttpd:lighttpd:1.4.4
Lighttpd » Lighttpd » Version: 1.4.5

cpe:2.3:a:lighttpd:lighttpd:1.4.5
Lighttpd » Lighttpd » Version: 1.4.6

cpe:2.3:a:lighttpd:lighttpd:1.4.6
Lighttpd » Lighttpd » Version: 1.4.7

cpe:2.3:a:lighttpd:lighttpd:1.4.7
Lighttpd » Lighttpd » Version: 1.4.8

cpe:2.3:a:lighttpd:lighttpd:1.4.8
Lighttpd » Lighttpd » Version: 1.4.9

cpe:2.3:a:lighttpd:lighttpd:1.4.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-3949

Products

Pricing

Contact Us