FreeBSD : lighttpd -- multiple vulnerabilities (fb911e31-8ceb-11dd-bb29-000c6e274733)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Lighttpd security announcement :

lighttpd 1.4.19, and possibly other versions before 1.5.0, does not
decode the url before matching against rewrite and redirect patterns,
which allows attackers to bypass rewrite rules. This can be a
security problem in certain configurations if these rules are used to
hide certain urls.

lighttpd 1.4.19, and possibly other versions before 1.5.0, does not
lowercase the filename after generating it from the url in mod_userdir
on case insensitive (file)systems.

As other modules are case sensitive, this may lead to information
disclosure; for example, if one configured php to handle files ending
in '.php', an attacker will get the php source with
http://example.com/~user/file.PHP

lighttpd 1.4.19 does not always release a header if it triggered a 400
(Bad Request) due to a duplicate header.

See also :

http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
http://www.nessus.org/u?3bd1f62f

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 34310 (freebsd_pkg_fb911e318ceb11ddbb29000c6e274733.nasl)

Bugtraq ID: 31434

CVE ID: CVE-2008-4298, CVE-2008-4359, CVE-2008-4360
