CVE-2006-0814

high

Description

response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24976

http://www.vupen.com/english/advisories/2006/0782

http://www.securityfocus.com/bid/16893

http://www.securityfocus.com/archive/1/426446/100/0/threaded

http://www.osvdb.org/23542

http://trac.lighttpd.net/trac/changeset/1005

http://securitytracker.com/id?1015703

http://securityreason.com/securityalert/523

http://secunia.com/secunia_research/2006-9/advisory/

http://secunia.com/advisories/18886

Details

Source: Mitre, NVD

Published: 2006-03-06

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00781