lighttpd < 1.4.24 Information Disclosure
Medium Nessus Network Monitor Plugin ID 5035
Synopsis
The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.
Description
According to its banner, the version of lighttpd installed on the remote host is older than 1.4.24. Such versions may be affected by an information-disclosure vulnerability. Specifically, lighttpd does not correctly handle a file name that has a trailing '\'. An attacker exploiting this flaw can request any file within the web root and download or view it. This may lead to the loss of confidential data.
Solution
Update lighttpd to version 1.4.24 or later.
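The banner comparison described above can be reproduced for an asset inventory. The following is an added example, not the plugin's own code: it reads the Server header from a raw HTTP response and compares the lighttpd version numerically against 1.4.24. Host names and responses are constructed sample data, and the function names are hypothetical.

```python
import re

FIXED = (1, 4, 24)  # first fixed release named in the advisory
_VERSION = re.compile(r"\blighttpd/(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)

def server_header(raw_response):
    """Return the Server header value from a raw HTTP response head, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":  # header names are case-insensitive
            return value.strip()
    return None

def classify(raw_response):
    """Return 'vulnerable', 'fixed', 'unknown' or 'not-lighttpd' based on the banner only."""
    banner = server_header(raw_response)
    if banner is None or "lighttpd" not in banner.lower():
        return "not-lighttpd"
    match = _VERSION.search(banner)
    if match is None:
        # Version hidden (for example via lighttpd's server.tag option):
        # the banner cannot decide, so the host needs a package-level check.
        return "unknown"
    # Compare as integer tuples; a string compare would rank "1.4.9" above "1.4.24".
    version = tuple(int(part) for part in match.groups())
    return "vulnerable" if version < FIXED else "fixed"

def audit(responses):
    """Map each host to its banner classification."""
    return {host: classify(raw) for host, raw in responses.items()}

# Constructed sample responses, not captured from real hosts.
SAMPLES = {
    "web1.example": "HTTP/1.1 200 OK\r\nServer: lighttpd/1.4.23\r\nContent-Length: 0\r\n\r\n",
    "web2.example": "HTTP/1.1 200 OK\r\nserver: lighttpd/1.4.24\r\n\r\n",
    "web3.example": "HTTP/1.1 200 OK\r\nServer: lighttpd\r\n\r\n",
    "web4.example": "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n\r\n",
    "web5.example": "HTTP/1.1 200 OK\r\nServer: lighttpd/1.4.9\r\n\r\n",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLES).items():
        print(f"{host}: {status}")
```

A banner match only indicates the advertised version; distribution packages that backport fixes without changing the version string will still be reported as vulnerable, so confirm against the installed package before acting.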