Vulnerability Description
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lighttpd | Lighttpd | 1.0.2 |
References
- http://secunia.com/advisories/18886PatchVendor Advisory
- http://secunia.com/secunia_research/2006-9/advisory/PatchVendor Advisory
- http://securityreason.com/securityalert/523
- http://securitytracker.com/id?1015703
- http://trac.lighttpd.net/trac/changeset/1005
- http://www.osvdb.org/23542
- http://www.securityfocus.com/archive/1/426446/100/0/threaded
- http://www.securityfocus.com/bid/16893
- http://www.vupen.com/english/advisories/2006/0782
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24976
- http://secunia.com/advisories/18886PatchVendor Advisory
- http://secunia.com/secunia_research/2006-9/advisory/PatchVendor Advisory
- http://securityreason.com/securityalert/523
- http://securitytracker.com/id?1015703
- http://trac.lighttpd.net/trac/changeset/1005
FAQ
What is CVE-2006-0814?
CVE-2006-0814 is a vulnerability with a CVSS score of 5.0 (MEDIUM). response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space ...
How severe is CVE-2006-0814?
CVE-2006-0814 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0814?
Check the references section above for vendor advisories and patch information. Affected products include: Lighttpd Lighttpd.