The remote host is vulnerable to a flaw which allows attackers to retrieve sensitive files or data
According to its banner, the version of lighttpd installed on the remote host is older than 1.4.24. Such versions may be affected by an information-disclosure vulnerability. Specifically, Lighttpd does not correctly handle a file name which has a trailing '\'. An attacker, exploiting this flaw, can request any file within the web root to download or view. This may lead to the loss of condidential data.
Update lighttpd to version 1.4.24 or later.