PublicDate: 2008-03-10 21:44:00 UTC
Candidate: CVE-2008-1270
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1270
Description:
 mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set,
 uses a default of $HOME, which might allow remote attackers to read
 arbitrary files, as demonstrated by accessing the ~nobody directory.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/200987
Priority: low
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_lighttpd:
 debdiff: https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/200987
upstream_lighttpd: needed
dapper_lighttpd: released (1.4.11-3ubuntu3.8)
edgy_lighttpd: released (1.4.13~r1370-1ubuntu1.6)
feisty_lighttpd: released (1.4.13-9ubuntu4.5)
gutsy_lighttpd: released (1.4.18-1ubuntu1.3)
devel_lighttpd: released (1.4.18-1ubuntu6)