CVE-2006-0814 Information

Description

response.c in Lighttpd 1.4.10 and possibly previous versions when run on Windows allows remote attackers to read arbitrary source code via requests that contain trailing (1) .\ (dot) and (2) space characters which are ignored by Windows as demonstrated by PHP files.

Reference

http://secunia.com/advisories/18886 http://secunia.com/secunia_research/2006-9/advisory/ http://securityreason.com/securityalert/523 http://securitytracker.com/id?1015703 http://trac.lighttpd.net/trac/changeset/1005 http://www.osvdb.org/23542 http://www.securityfocus.com/archive/1/426446/100/0/threaded http://www.securityfocus.com/bid/16893 http://www.vupen.com/english/advisories/2006/0782 https://exchange.xforce.ibmcloud.com/vulnerabilities/24976