Candidate: CVE-2008-4359
PublicDate: 2008-10-03 17:41:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4359
Description:
 lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
Ubuntu-Description:
Notes:
 jdstrand> according to http://redmine.lighttpd.net/issues/show/1720, the upstream patch has been reverted due to too many regressions. As such, future versions will need to be checked to ensure it is fixed
Bugs:
 https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_lighttpd:
 debdiff: https://bugs.launchpad.net/ubuntu/jaunty/+source/lighttpd/+bug/279490
upstream_lighttpd: released (1.4.19-5)
dapper_lighttpd: ignored (reached end-of-life)
feisty_lighttpd: ignored (reached end-of-life)
gutsy_lighttpd: ignored (reached end-of-life)
hardy_lighttpd: ignored (reached end-of-life)
intrepid_lighttpd: ignored (reached end-of-life)
jaunty_lighttpd: not-affected (1.4.19-5ubuntu6)
karmic_lighttpd: not-affected (1.4.19-5ubuntu6)
lucid_lighttpd: not-affected (1.4.19-5ubuntu6)
maverick_lighttpd: not-affected (1.4.19-5ubuntu6)
natty_lighttpd: not-affected (1.4.19-5ubuntu6)
oneiric_lighttpd: not-affected (1.4.19-5ubuntu6)
devel_lighttpd: not-affected (1.4.19-5ubuntu6)