CVE-2008-4359 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-4359 Interim 1 8 2023-12-09T02:08:05Z current 2021-05-30T12:44:04Z 2023-12-09T02:08:05Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-4359 lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BLYDQ2NBC4T3JBPATZ23TNPG4S2NAS4M/#BLYDQ2NBC4T3JBPATZ23TNPG4S2NAS4M E-Mail link for SUSE-SR:2008:026 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed lighttpd-1.4.59-2.1 lighttpd-mod_authn_gssapi-1.4.59-2.1 lighttpd-mod_authn_ldap-1.4.59-2.1 lighttpd-mod_authn_mysql-1.4.59-2.1 lighttpd-mod_authn_pam-1.4.59-2.1 lighttpd-mod_authn_sasl-1.4.59-2.1 lighttpd-mod_cml-1.4.59-2.1 lighttpd-mod_magnet-1.4.59-2.1 lighttpd-mod_maxminddb-1.4.59-2.1 lighttpd-mod_mysql_vhost-1.4.59-2.1 lighttpd-mod_rrdtool-1.4.59-2.1 lighttpd-mod_trigger_b4_dl-1.4.59-2.1 lighttpd-mod_vhostdb_dbi-1.4.59-2.1 lighttpd-mod_vhostdb_ldap-1.4.59-2.1 lighttpd-mod_vhostdb_mysql-1.4.59-2.1 lighttpd-mod_vhostdb_pgsql-1.4.59-2.1 lighttpd-mod_webdav-1.4.59-2.1 lighttpd-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_authn_gssapi-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_authn_ldap-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_authn_mysql-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_authn_pam-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_authn_sasl-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_cml-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_magnet-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_maxminddb-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_mysql_vhost-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_rrdtool-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_trigger_b4_dl-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_vhostdb_dbi-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_vhostdb_ldap-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_vhostdb_mysql-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_vhostdb_pgsql-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd-mod_webdav-1.4.59-2.1 as a component of openSUSE Tumbleweed lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data. CVE-2008-4359 openSUSE Tumbleweed:lighttpd-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_authn_gssapi-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_authn_ldap-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_authn_mysql-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_authn_pam-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_authn_sasl-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_cml-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_magnet-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_maxminddb-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_mysql_vhost-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_rrdtool-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_trigger_b4_dl-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_vhostdb_dbi-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_vhostdb_ldap-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_vhostdb_mysql-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_vhostdb_pgsql-1.4.59-2.1 openSUSE Tumbleweed:lighttpd-mod_webdav-1.4.59-2.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P