Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

lighttpd < 1.4.24 Information Disclosure

Medium

Synopsis

The remote host is vulnerable to a flaw which allows attackers to retrieve sensitive files or data

Description

According to its banner, the version of lighttpd installed on the remote host is older than 1.4.24. Such versions may be affected by an information-disclosure vulnerability. Specifically, Lighttpd does not correctly handle a file name which has a trailing '\'. An attacker, exploiting this flaw, can request any file within the web root to download or view. This may lead to the loss of condidential data.

Solution

Update lighttpd to version 1.4.24 or later.