CVE-2008-4359
Publication date 3 October 2008
Last updated 24 July 2024
Ubuntu priority
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
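The ordering problem in the description, as an added example: a simplified Python model, not lighttpd's code. The rule, the target page and the sample paths are constructed for illustration, and the helper can serve as a regression check that patterns are compared against the decoded path.

```python
import re
from urllib.parse import unquote

# Constructed rule in the spirit of a url.rewrite / url.redirect entry:
# anything under /private/ is meant to be sent to a "denied" page.
RULES = [(re.compile(r"^/private/"), "/denied.html")]


def decode_path(raw_path):
    """Percent-decode the path once, as happens before the file is served."""
    return unquote(raw_path)


def apply_rules(path):
    """Return the target of the first matching rule, else the path unchanged."""
    for pattern, target in RULES:
        if pattern.search(path):
            return target
    return path


def route_match_then_decode(raw_path):
    """Order described in the CVE: patterns see the still-encoded URI."""
    return decode_path(apply_rules(raw_path))


def route_decode_then_match(raw_path):
    """Corrected order: decode first, then compare against the patterns."""
    return apply_rules(decode_path(raw_path))


def find_order_mismatches(raw_paths):
    """List the paths for which the two orderings resolve differently."""
    return [p for p in raw_paths
            if route_match_then_decode(p) != route_decode_then_match(p)]


# Constructed sample requests; %70 is the percent-encoding of "p".
SAMPLES = ["/private/report.txt", "/%70rivate/report.txt", "/public/index.html"]

if __name__ == "__main__":
    for path in SAMPLES:
        print(path, "->", route_match_then_decode(path),
              "|", route_decode_then_match(path))
    print("mismatches:", find_order_mismatches(SAMPLES))
```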
Status
Package | Ubuntu Release | Status |
---|---|---|
lighttpd | 11.10 oneiric | Not affected |
lighttpd | 11.04 natty | Not affected |
lighttpd | 10.10 maverick | Not affected |
lighttpd | 10.04 LTS lucid | Not affected |
lighttpd | 9.10 karmic | Not affected |
lighttpd | 9.04 jaunty | Not affected |
lighttpd | 8.10 intrepid | Ignored end of life |
lighttpd | 8.04 LTS hardy | Ignored end of life |
lighttpd | 7.10 gutsy | Ignored end of life |
lighttpd | 7.04 feisty | Ignored end of life |
lighttpd | 6.06 LTS dapper | Ignored end of life |
Notes
jdstrand
According to http://redmine.lighttpd.net/issues/show/1720, the upstream patch has been reverted due to too many regressions. As such, future versions will need to be checked to ensure it is fixed.
Patch details
Package | Patch details |
---|---|
lighttpd |