FreeBSD : lighttpd -- script source disclosure vulnerability (bdad9ada-8a52-11d9-9e53-000a95bc6fae)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The lighttpd website reports :

In lighttpd 1.3.7 and below it is possible to fetch the source files
which should be handled by CGI or FastCGI applications.

The vulnerability is in the handling of urlencoded trailing NUL bytes.
Installations that do not use CGI or FastCGI are not affected.

See also :

http://article.gmane.org/gmane.comp.web.lighttpd/1171
http://www.nessus.org/u?3a881122
http://xforce.iss.net/xforce/xfdb/19350
http://www.nessus.org/u?853d0dc9

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19104 (freebsd_pkg_bdad9ada8a5211d99e53000a95bc6fae.nasl)

Bugtraq ID: 12567

CVE ID: CVE-2005-0453
