lighttpd < 1.4.24 Information Disclosure

Medium Nessus Network Monitor Plugin ID 5035


The remote host is vulnerable to a flaw which allows attackers to retrieve sensitive files or data


According to its banner, the version of lighttpd installed on the remote host is older than 1.4.24. Such versions may be affected by an information-disclosure vulnerability. Specifically, Lighttpd does not correctly handle a file name which has a trailing '\'. An attacker, exploiting this flaw, can request any file within the web root to download or view. This may lead to the loss of condidential data.


Update lighttpd to version 1.4.24 or later.

See Also

Plugin Details

Severity: Medium

ID: 5035

Family: Web Servers

Published: 2004/08/18

Modified: 2016/01/21

Dependencies: 1442

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 5.3

Temporal Score: 4.9


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:lighttpd:lighttpd

Reference Information

BID: 35097