Lighttpd < 1.3.8 CGI Source Disclosure

Medium

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.

Description

The remote host is running Lighttpd, a small web server. This version of Lighttpd is vulnerable to a flaw in which an attacker who requests a CGI script with '%00' appended to its name can read the source of the script.

Solution

Upgrade to 1.3.8 or higher.
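
To check a host against this advisory from the defender's side, the following added example (not part of the advisory or the Lighttpd project) flags a `Server` banner older than 1.3.8 and finds access-log entries whose request path carries an encoded null byte. It assumes the banner has the form `lighttpd/<version>` and that logs are in Common Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re

FIXED = (1, 3, 8)  # first fixed release, per the advisory's Solution

# Assumption: the banner looks like "lighttpd/<major>.<minor>.<patch>".
BANNER_RE = re.compile(r"lighttpd/(\d+)\.(\d+)\.(\d+)", re.I)
# Common Log Format: client, ident, user, [time], "METHOD URI PROTO", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')


def banner_is_affected(server_header):
    """True if older than 1.3.8, False if fixed, None if no version is readable."""
    m = BANNER_RE.search(server_header or "")
    if not m:
        return None
    return tuple(int(part) for part in m.groups()) < FIXED


def null_byte_requests(log_lines):
    """Return (client, uri, status) for requests with %00 in the path."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable CLF line
        client, _method, uri, status = m.groups()
        path = uri.split("?", 1)[0]  # the flaw concerns the script name, not the query
        if "%00" in path:
            hits.append((client, uri, int(status)))
    return hits


# Constructed sample log lines (documentation address range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /cgi-bin/status.pl HTTP/1.0" 200 512',
    '192.0.2.44 - - [01/Jan/2005:10:00:05 +0000] "GET /cgi-bin/status.pl%00 HTTP/1.0" 200 2048',
    '192.0.2.44 - - [01/Jan/2005:10:00:09 +0000] "GET /index.html?x=%00 HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    print("banner affected:", banner_is_affected("lighttpd/1.3.7"))
    for client, uri, status in null_byte_requests(SAMPLE_LOG):
        print(f"review: {client} requested {uri} -> {status}")
```

A hit with a 200 status on an affected version means the script source may have been returned, so any credentials embedded in that script should be treated as exposed.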