This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The web server running on the remote host has an information
The version of lighttpd installed on the remote host may disclose the
source code of files such as PHP scripts when a '/' is appended to a
URL corresponding to a symbolic link. This vulnerability occurs only
on certain operating systems (FreeBSD, Mac OS X, and Solaris prior to
version 10 are known to be affected) and arises because of a bug in
the operating system itself in which adding a trailing slash to a
symbolic link pointing to a regular file returns the link itself.
See also :
Upgrade to lighttpd 1.4.23 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 39006 (lighttpd_trailing_slash.nasl)
Bugtraq ID: 35097