Lighttpd: >> Lighttpd >> 1.4.11 Security Vulnerabilities
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.
CVSS Score
8.3
EPSS Score
0.006
Published
2007-07-24
lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules.
CVSS Score
4.3
EPSS Score
0.018
Published
2007-07-24
Page 3